nginx authbasic only protects folders but not individual files

Posted April 25, 2015 2.8k views

I have this in my server config

location / {

            try_files $uri $uri/ =404;
            auth_basic  "protected site";
            auth_basic_user_file  /etc/nginx/.htpasswd;

When I call my domain or any subfolder, e.g. protection works fine

but when I call my domain incl. file-name, e.g. I don’t need to enter any credentials and can just bypass authbasic.

What did I do wrong here?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Solved it.

auth_basic  "protected site";
auth_basic_user_file  /etc/nginx/.htpasswd;

has to be moved outside of location block and then it works for the whole site