Opened 3 months ago

Closed 3 months ago

#2260 closed defect (invalid)

NGINX Basic Authentication Not Using SSL

Reported by: ngx3@…
Owned by:
Priority: minor
Milestone:
Component: documentation
Version: 1.18.x
Keywords:
Cc: ngx3@…
uname -a: 18.04 LTS
nginx -V: 1.18

Description

I noticed this issue with Chrome / Chromium-based browsers.

I have NGINX basic authentication placed on my site's admin portal and I found when a user goes to domain.com/admin it prompts them for their credentials, which works fine and all, but I found that it does not have SSL, so your credentials can be read.

When visiting domain/admin there is a warning that this site is not secure. If you hit cancel on the page, you get the 401 error, but then refreshing the page returns the prompt with SSL.

Change History (1)

comment:1 by Maxim Dounin, 3 months ago

Resolution: invalid
Status: new → closed

Basic authentication checks authentication and responds to the requests regardless of whether SSL is used or not. If you want nginx to redirect non-SSL requests to SSL, this should be configured separately. If you have questions on how to configure nginx, please use the support options available.
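
Added example, not part of the ticket or of nginx's own documentation: one way to configure the separate redirect the comment refers to, so that the Basic authentication challenge is only ever issued over TLS. The host name `example.com`, the certificate paths, the htpasswd path and the commented-out "weak" layout are assumptions made for illustration.

```nginx
# Weak layout (assumed, shown commented out): one server answers on both
# ports, so http://example.com/admin receives the 401 Basic challenge in
# cleartext and the browser sends the Authorization header unencrypted.
#
# server {
#     listen 80;
#     listen 443 ssl;
#     server_name example.com;
#     ssl_certificate     /etc/nginx/tls/example.com.crt;
#     ssl_certificate_key /etc/nginx/tls/example.com.key;
#     location /admin {
#         auth_basic           "Admin";
#         auth_basic_user_file /etc/nginx/.htpasswd;
#     }
# }

# Corrected layout: the port 80 server only redirects and carries no
# auth_basic, so it can never prompt for credentials.
server {
    listen 80;
    server_name example.com;

    # Fixed host name instead of $host, so a forged Host header
    # cannot steer the redirect target.
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    # Ask browsers to go straight to HTTPS on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location /admin {
        auth_basic           "Admin";
        auth_basic_user_file /etc/nginx/.htpasswd;        # placeholder path
    }
}
```

After `nginx -t` and a reload, `curl -I http://example.com/admin` should return `301` with a `Location: https://…` header and no `WWW-Authenticate` header; the `401` challenge should appear only on the `https://` URL.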
