Hello,

On 01/13/2017 04:42 PM, lacibaci wrote:
> I have a location that I would like to protect:
>
> location /private {
> satisfy any;
>
> allow 192.168.1.0/24;
> deny all;
>
> auth_basic "Protected";
> auth_basic_user_file conf/htpasswd;
> }
>
> This works for /private /private/ and /private/somefile.html
>
> However, when I request (GET or POST) /private/foo.php it will execute
> without auth.
>
> How can I set it up so everything under /private is protected?
>

The request is probably being handled by a different location (ie the
one that handles PHP requests).

See http://nginx.org/en/docs/http/ngx_http_core_module.html#location for
the order in which location is determined.

--
Jim Ohlstein
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx