I'm trying to protect a few directories and the commands in my nginx config file don't seem to work. I've tried a few variations on this but am not sure what is wrong. I have a .htpasswd file already set up in /var/www/protected/.

(1) I'm trying to protect access to a munin folder off the var/www/html (web) folder, but it allows direct access.

(2) I'm also trying to protect access to a style folder off the same web folder, but the style.css file in there can still be viewed. What it does do is render the home index.html page without the css, which is not what I want. I am able to protect a style directory on another server through a control panel and that still renders the index.html page fine there, so I'm not sure what is happening here.

There is also something I read about having to include the location ~ \.php$ block inside the protected directories for them to be able to render php - is this true? Does that mean that I would leave the location ~ \.php$ block where it is for general purposes but copy it and also put it within each protected directory location section?

Any suggestions are welcome.
Code:

    server {
        listen 80;
        server_name mydomain.com;

        #charset koi8-r;
        #access_log /var/log/nginx/log/host.access.log main;

        location / {
            root /var/www/html;
            index index.php index.html index.htm;
        }

        # munin folder to be protected
        #location ^~ /munin/ {
        #auth_basic "Restricted";
        #auth_basic_user_file /var/www/protected/.htpasswd;
        #}

        # style folder to be protected
        #location ^~ /style/ {
        #auth_basic "Restricted";
        #auth_basic_user_file /var/www/protected/.htpasswd;
        #}

        error_page 404 /404.html;
        location = /404.html {
            root /var/www/html;
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /var/www/html;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root /var/www/html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        # hide the password file
        # - this will deny access to any hidden file (beginning with .ht)
        #
        location ~ /\.ht {
            deny all;
        }
    }
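
Added example, not part of the original post: one way to lay out the locations so that basic auth covers `/munin/` and `/style/` and PHP still runs inside a protected directory. It keeps the post's paths and FastCGI address, assumes `root` is moved up to server level, and omits the error-page blocks.

```nginx
server {
    listen 80;
    server_name mydomain.com;

    # Assumption: root/index moved up to server level so every location,
    # including the protected ones, inherits the same document root.
    root /var/www/html;
    index index.php index.html index.htm;

    location / {
    }

    # ^~ stops nginx from checking server-level regex locations for /munin/...
    # so the general \.php$ block further down never handles these URIs.
    location ^~ /munin/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;

        # Nested copy: PHP under /munin/ is passed to FastCGI and inherits
        # auth_basic from the enclosing location.
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

    # Every file under /style/ now needs credentials, so a public page that
    # links /style/style.css renders unstyled for unauthenticated visitors.
    location ^~ /style/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    }

    # General PHP handling for everything outside the ^~ locations.
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Deny .ht* files outside the ^~ locations.
    location ~ /\.ht {
        deny all;
    }
}
```

`nginx -t` checks the syntax before a reload; afterwards an unauthenticated request for `/munin/` or `/style/style.css` should return 401.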