Welcome! Log In Create A New Profile

Advanced

Re: auth_basic not requiring Authorization

July 01, 2011 02:30PM
On Jul 1, 2011, at 19:58 , bindsocket wrote:

> Having a huge problem with the auth_basic. Despite putting in the exact
> same lines as what I found in many examples, the web server is still
> allowing access even without sending any authorization.
> Relevent conf bits:
>
> server {
> listen 80;
> server_name my.servers.name.com;
> log_format fullCombined '$remote_addr - $http_x_forwarded_for
> $remote_user [$time_local] '
> '"$request" $http_content_length $status
> $body_bytes_sent '
> '"$http_referer" "$http_user_agent"';
> access_log /var/log/nginx/access.log fullCombined;
> error_log /var/log/nginx/error.log;
>
> root /var/www/current/pub;
>
> client_body_buffer_size 1024k;
>
> ## Default location
> location / {
> index index.php;
>
> auth_basic "Ingester";
> auth_basic_user_file .htpasswd;
>
> rewrite ^index.php(.*)$ /index.php?/$1 last;
> if (!-f $request_filename) {
> rewrite ^/(.*)$ /index.php?/$1 last;
> break;
> }
>
> }
> ## Parse all .php file in the /var/www directory
> location ~ .php$ {
> fastcgi_pass backend;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> include /etc/nginx/fastcgi_params;
> fastcgi_param QUERY_STRING $query_string;
> fastcgi_param REQUEST_METHOD $request_method;
> fastcgi_param CONTENT_TYPE $content_type;
> fastcgi_param CONTENT_LENGTH $content_length;
> fastcgi_intercept_errors on;
> fastcgi_ignore_client_abort off;
> fastcgi_connect_timeout 60;
> fastcgi_send_timeout 180;
> fastcgi_read_timeout 180;
> fastcgi_buffer_size 128k;
> fastcgi_buffers 4 256k;
> fastcgi_busy_buffers_size 256k;
> fastcgi_temp_file_write_size 256k;
> }
>
> ## Disable viewing .htaccess & .htpassword
> location ~ /\.ht {
> deny all;
> }
> }

location / {
index index.php;

auth_basic "Ingester";
auth_basic_user_file .htpasswd;

try_files $uri /index.php?$uri;

location ~ ^/index.php(/.*)$ {
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param QUERY_STRING $1;
...
}

location ~ \.php$ {
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
...
}

}

## Disable viewing .htaccess & .htpassword
location ~ /\.ht {
deny all;
}
}


--
Igor Sysoev
http://sysoev.ru/en/


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

auth_basic not requiring Authorization

bindsocket July 01, 2011 11:58AM

Re: auth_basic not requiring Authorization

Maxim Dounin July 01, 2011 12:20PM

Re: auth_basic not requiring Authorization

Jim Ohlstein July 01, 2011 12:22PM

Re: auth_basic not requiring Authorization

Igor Sysoev July 01, 2011 02:30PM

Re: auth_basic not requiring Authorization

bindsocket July 05, 2011 01:49PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 153
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready