nginx authbasic only protects folders but not individual files

April 25, 2015 1.8k views
Nginx Ubuntu Security LEMP
screenwatcher
By:
screenwatcher

I have this in my server config

location / {

            try_files $uri $uri/ =404;
            auth_basic  "protected site";
            auth_basic_user_file  /etc/nginx/.htpasswd;
    }

When I call my domain or any subfolder, e.g. http://example.com/folder/ protection works fine

but when I call my domain incl. file-name, e.g. http://example.com/index.php I don’t need to enter any credentials and can just bypass authbasic.

What did I do wrong here?

Sign In to Comment
1 Answer
screenwatcher April 25, 2015

Solved it.

auth_basic  "protected site";
auth_basic_user_file  /etc/nginx/.htpasswd;

has to be moved outside of location block and then it works for the whole site

Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Related