Opened 3 years ago
Closed 3 years ago
#2260 closed defect (invalid)
NGINX Basic Authentication Not Using SSL
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | documentation | Version: | 1.18.x |
| Keywords: | Cc: | ngx3@… | |
| uname -a: | 18.04 LTS | ||
| nginx -V: | 1.18 | ||
Description
I noticed this issue with chrome / chromium based browsers.
I have NGINX basic authentication placed on my site's admin portal and I found when a user goes to domain.com/admin it prompts them for their credentials, which works fine and all, but I found that it does not have SSL, so your credentials can be read.
When visiting domain/admin there is a warning that this site is not secure. If you hit cancel on the page, you get the 401 error, but then by refreshing the page returns the prompt with SSL.
Note:
See TracTickets
for help on using tickets.
Basic authentication checks authentication and responds to the requests regardless of whether SSL is used or not. If you want nginx to redirect non-SSL requests to SSL, this should be configured separately. If you have questions on how to configure nginx, please use the support options available.