  1. #1

    trouble protecting directories

    I'm trying to protect a few directories and the commands in my nginx config file don't seem to work. I've tried a few variations on this but am not sure what is wrong. I have a .htpasswd file already set up in /var/www/protected/

    (1) I'm trying to protect access to a munin folder off the var/www/html (web) folder, but it allows direct access.

    (2) I'm also trying to protect access to a style folder off the same web folder, but the style.css file in there can still be viewed. What it does do is render the home index.html page without the css, which is not what I want. I am able to protect a style directory on another server through a control panel and that still renders the index.html page fine there, so I'm not sure what is happening here.

    There is also something I read about having to include the location ~ \.php$ block inside the protected directories for them to be able to render php - is this true? Does that mean that I would leave the location ~ \.php$ block where it is for general purposes but copy it and also put it within each protected directory location section?

    Any suggestions are welcome.

    server {
        listen       80;
        #charset koi8-r;
        #access_log  /var/log/nginx/log/host.access.log  main;

        location / {
            root   /var/www/html;
            index  index.php index.html index.htm;
        }

        # munin folder to be protected
        #location ^~ /munin/ {
        #    auth_basic "Restricted";
        #    auth_basic_user_file /var/www/protected/.htpasswd;
        #}

        # style folder to be protected
        #location ^~ /style/ {
        #    auth_basic "Restricted";
        #    auth_basic_user_file /var/www/protected/.htpasswd;
        #}

        error_page  404              /404.html;
        location = /404.html {
            root   /var/www/html;
        }

        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /var/www/html;
        }

        # pass the PHP scripts to FastCGI server listening on
        location ~ \.php$ {
            root   /var/www/html;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        # hide the password file
        # - this will deny access to any hidden file (beginning with .ht)
        location ~ /\.ht {
            deny  all;
        }
    }

  2. #2
    Rubberman
    What are the actual permissions (rwx) on the folders in question? I.e., what is the output of "ls -l" when applied to the folder? You can restrict access to the owner, or group. PHP has zip to do with this at the operating system level. However, it may be that PHP will allow you to restrict external access to its own folders. This seems to be what is happening here. So, please provide information about the version of PHP, nginx, etc. that you are using, and what you have done to verify that your configuration files are correct.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Rubberman -

    ls -l on these two:
    /var/www/html (which contains the web files) is drwxr-xr-x 5 root root ...
    /var/www/protected (which contains the .htpasswd file) is drwxr-xr-x 2 root root ...
    ls -l on the two I am trying to protect:
    /var/www/html/munin is drwxr-xr-x 5 munin munin ...
    /var/www/html/style is drwxr-xr-x 5 root root ...

    I'm running CentOS 6.3 64, PHP 5.4.11, Nginx 1.2.7
    (one potentially odd thing I saw when running phpinfo was that, under Environment, the HOME for nginx was /var/cache/nginx, when I assume it should be /var/www/html as that is what is specified as root in the nginx config file).

    The only reason php plays a role is because of what I stated above about including it for FastCGI because I am using nginx. I have not modified the ini file.

    I think the problem has to do with how things are set up in the nginx config file. I have followed numerous examples, many of which have been different, but I haven't found the right commands to make the protection work with the .htpasswd file.
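
An added example, not part of the original posts: one way to lay out the server block from #1 so that `/munin/` and `/style/` require Basic auth, including the nested PHP handler asked about in the first post. The `fastcgi_pass` address is an assumption, since the posted config does not show one.

```nginx
server {
    listen 80;
    root   /var/www/html;      # set once; every location below inherits it
    index  index.php index.html index.htm;

    # General-purpose PHP handler for everything outside the protected prefixes.
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;   # assumed PHP-FPM address, not from the post
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # nginx serves a request from exactly one location. "^~" makes this
    # prefix match final, so the server-level regex locations are not tried
    # for /munin/... and the unauthenticated "~ \.php$" block above can
    # never answer for a script under /munin/.
    location ^~ /munin/ {
        auth_basic           "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;

        # Because the outer regex locations are skipped, PHP under /munin/
        # needs its own handler; nested here, it inherits auth_basic.
        # Without it, .php files in this directory are sent as plain text.
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;   # same assumed address
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }

    # Every request under /style/ now needs credentials, including the
    # stylesheet the home page links to. Add the same nested PHP block
    # here only if scripts have to run from this directory.
    location ^~ /style/ {
        auth_basic           "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    }

    # Not consulted for /munin/ or /style/ (regexes are skipped there);
    # the password file itself sits outside the web root.
    location ~ /\.ht {
        deny all;
    }
}
```

Run `nginx -t` before reloading, then request `/munin/` without credentials and confirm the response is 401 rather than 200.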


