Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 3rd March 2013, 18:35
mottwsc mottwsc is offline
Junior Member
Join Date: Feb 2013
Posts: 9
Thanks: 1
Thanked 0 Times in 0 Posts
Default trouble protecting directories in nginx

I'm trying to protect a few directories and the commands in my nginx config file don't seem to work. I've tried a few variations on this but am not sure what is wrong. I have a .htpasswd file already set up in /var/www/protected/

(1) I'm trying to protect access to a munin folder off the var/www/html (web) folder, but it allows direct access.

(2) I'm also trying to protect access to a style folder off the same web folder, but the style.css file in there can still be viewed. What it does do is render the home index.html page without the css, which is not what I want. I am able to protect a style directory on another server through a control panel and that still renders the index.html page fine there, so I'm not sure what is happening here.

There is also something I read about having to include the location ~ \.php$ block inside the protected directories for them to be able to render php - is this true? Does that mean that I would leave the location ~ \.php$ block where it is for general purposes but copy it and also put it within each protected directory location section?

Any suggestions are welcome.

server {
    listen       80;
    server_name mydomain.com;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
	  root   /var/www/html;
        index index.php index.html index.htm;

    # munin folder to be protected
    #location  ^~ /munin/ {
    #auth_basic "Restricted";
    #auth_basic_user_file /var/www/protected/.htpasswd;

    # style folder to be protected
    #location ^~ /style/ {
    #auth_basic "Restricted";
    #auth_basic_user_file /var/www/protected/.htpasswd;

    error_page  404              /404.html;
    location = /404.html {
	  root   /var/www/html;

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
	  root   /var/www/html;

    # pass the PHP scripts to FastCGI server listening on
    location ~ \.php$ {
	  root   /var/www/html;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;

    # hide the password file
    # - this will deny access to any hidden file (beginning with .ht)
    location ~ /\.ht {
        deny  all;
Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
A Working Nginx Catchall with ISPConfig 3. renders Tips/Tricks/Mods 4 15th April 2011 22:53
Being Spammed/Hacked/Probed not sure PLEASE HELP! kresser General 10 29th October 2010 18:25
Webmin upgrade lishaw1968 Installation/Configuration 15 26th August 2010 16:23
Postfix problem and few questions Gimly Installation/Configuration 12 7th July 2009 17:27
Protecting user directories and admispconfig question Mr Blek Installation/Configuration 7 30th June 2007 19:31

All times are GMT +2. The time now is 18:40.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.