nginx authbasic only protects folders but not individual files
I have this in my server config
location / {
try_files $uri $uri/ =404;
auth_basic "protected site";
auth_basic_user_file /etc/nginx/.htpasswd;
}
When I call my domain or any subfolder, e.g. http://example.com/folder/ protection works fine
but when I call my domain incl. file-name, e.g. http://example.com/index.php I don't need to enter any credentials and can just bypass authbasic.
What did I do wrong here?
Log In to Comment