Nginx Password Protect Directory Downloads Source Code
Posted
by
Pamela
on Server Fault
See other posts from Server Fault
or by Pamela
Published on 2014-08-20T03:00:46Z
Indexed on
2014/08/20
4:23 UTC
Read the original article
Hit count: 540
I'm trying to password protect a WordPress login page on my Nginx server. When I navigate to http://www.example.com/wp-login.php, this brings up the "Authentication Required" prompt (not the WordPress login page) for a username and password. However, when I input the correct credentials, it downloads the PHP source code (wp-login.php) instead of showing the WordPress login page.
Permission for my htpasswd file is set to 644.
Here are the directives in question within the server block of my website's configuration file:
location ^~ /wp-login.php {
auth_basic "Restricted Area";
auth_basic_user_file htpasswd;
}
Alternately, here are the entire contents of my configuration file (including the above four lines):
server {
listen *:80;
server_name domain.com www.domain.com;
root /var/www/domain.com/web;
index index.html index.htm index.php index.cgi index.pl index.xhtml;
error_log /var/log/ispconfig/httpd/domain.com/error.log;
access_log /var/log/ispconfig/httpd/domain.com/access.log combine$
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats/ {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file /var/www/web/stats/.htp$
}
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
location ~ \.php$ {
try_files /b371b8bbf0b595046a2ef9ac5309a1c0.htm @php;
}
location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/web11.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
location / {
try_files $uri $uri/ /index.php?$args;
client_max_body_size 64M;
}
location ^~ /wp-login.php {
auth_basic "Restricted Area";
auth_basic_user_file htpasswd;
}
}
If it makes any difference, I'm using Ubuntu 14.04.1 LTS with Nginx 1.4.6 and ISPConfig 3.0.5.4p3.
© Server Fault or respective owner