#730 closed defect (invalid)
.htpasswd and direct download
| Reported by: | Quentin Le Doledec | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.2.x |
| Keywords: | htpasswd | Cc: | |
| uname -a: | Linux some.host.com 2.6.32-042stab103.6 #1 SMP Wed Jan 21 13:07:39 MSK 2015 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.2.1
TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module |
||
Description
Hi,
I protected a folder using "location" and auth_basic, it works well but if I try to direct download a file inside the folder, it doesn't prompt me for login & password.
Of course, I tried to direct download the file without auth'ing to the folder :P
Here is my vhost :
server {
...
location /folder {
auth_basic "Administrator Login";
auth_basic_user_file /path/to/htpasswd;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
...
}
Change History (2)
comment:1 by , 9 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:2 by , 9 years ago
You were right, I had an extra location matching the file pattern.
Thanks !
Note:
See TracTickets
for help on using tickets.
Make sure you have auth_basic enabled in other locations which can be used to access files in the folder. Common error is to configure auth_basic for a location, while not protecting access to the same files via locations given by regular expressions. If in doubt, use the
^~modifier to prevent checking regular expressions after the match, see docs for details.