I have this in my server config
location / {
try_files $uri $uri/ =404;
auth_basic "protected site";
auth_basic_user_file /etc/nginx/.htpasswd;
}
When I call my domain or any subfolder, e.g. http://example.com/folder/ protection works fine
but when I call my domain incl. file-name, e.g. http://example.com/index.php I don’t need to enter any credentials and can just bypass authbasic.
What did I do wrong here?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Solved it.
has to be moved outside of location block and then it works for the whole site