nginx authbasic only protects folders but not individual files

April 25, 2015 1.8k views
Nginx Ubuntu Security LEMP

I have this in my server config

location / {

            try_files $uri $uri/ =404;
            auth_basic  "protected site";
            auth_basic_user_file  /etc/nginx/.htpasswd;
    }

When I call my domain or any subfolder, e.g. http://example.com/folder/ protection works fine

but when I call my domain incl. file-name, e.g. http://example.com/index.php I don’t need to enter any credentials and can just bypass authbasic.

What did I do wrong here?

1 Answer

Solved it.

auth_basic  "protected site";
auth_basic_user_file  /etc/nginx/.htpasswd;

has to be moved outside of location block and then it works for the whole site

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!