#1 mottwsc, 10th March 2013, 21:17
securing access to a folder - 404 error

I'm trying to secure a directory on a CentOS 6.3 64 server running NGINX 1.2.7. I think I've set this up correctly, but it keeps giving me a 404 Not Found error when I try to access a file in that folder in the browser using domainName/secure/hello2.html.

I created an .htpasswd file using printf "MYUSER:$(openssl passwd -1 MYPASSWORD)\n" >> .htpasswd
and put that into the /var/www/protected/ folder.

I also modified the NGINX config file and included a location/auth block for the /secure/ folder:
Code:
# protect the "secure" folder ( /var/www/html/secure )
location ^~ /secure/ {
auth_basic "Restricted";
auth_basic_user_file /var/www/protected/.htpasswd;
}
If I comment out this block from the config file and restart NGINX, I can see the file in the browser with no problem. I even moved the .htpasswd file into the /secure/ folder and changed the config file to reflect that change (just to see what would happen), but I still get the 404 Not Found error.

Can anyone tell me what I'm missing?

#2 falko, 12th March 2013, 18:38

Have you tried

Code:
location /secure/ {
...
}
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:

#3 mottwsc, 13th March 2013, 01:06
still doesn't work...

falko -

I tried your suggestion - same error. I also set up an .htpasswd file in the same /secure directory to make the case as simple as possible - same error.

I've also looked at the numerous examples on the web and I appear to be doing it the suggested way. Not sure what else to try, but it shouldn't be this difficult.

#4 falko, 15th March 2013, 13:14

Can you post the whole vhost configuration?

#5 mottwsc, 15th March 2013, 23:21
whole nginx config file

Here is the whole nginx config file:

Code:
server {
    listen       80;
    server_name  mm201.myserver.com;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
        root   /var/www/html;
        index  index.php  index.html index.htm;
    }

    # protect the "secure" folder  ( /var/www/html/secure )
    location /secure/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    #   auth_basic_user_file /var/www/html/secure/.htpasswd;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /var/www/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /var/www/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}


    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root    /var/www/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

#6 falko, 16th March 2013, 11:02

You have no document root defined in that location. But instead of specifying a document root for each location, you can specify an overall document root in the server {} container (and comment out the root lines in each location).

#7 mottwsc, 16th March 2013, 15:20
Solved

falko - that was exactly what was needed to fix the problem. Thank you!

#8 mottwsc, 16th March 2013, 22:11
Spoke too soon... not working for php files

falko - I found that this solution worked perfectly with html files, but it seemed to not pay attention when trying a php file. In other words, I would get the authentication login/pw notice when I searched for an html file in the /secure directory, just as I should. However, when I put a php file - a simple one that displays phpinfo() - in the secure directory, it would show the output directly without the authentication notice. I did try this several times, opening a new browser and clearing everything (cache, cookies, history, etc.) to make sure I started fresh.

I searched on the web related to securing php and I ran across a couple of things I added in the config file for security or performance purposes (mainly having to do with try_files), as well as protection for the munin folder, so I am showing the updated nginx config.

Thanks for any suggestions...

Code:
server {
    listen       80;
    server_name  mm201.myserver.com;
    
    root  /var/www/html  #(root statement needs to be at the server block level and the rest of the individual statements commented out)

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
        #root   /usr/share/nginx/html;  #(this was the default location)
        #root	  /var/www/html;  #(this was moved up to the server block level and the individual root statements were commented out)
        # this statement allows static content to be served first
            try_files $uri $uri/ /index.php

	 index index.php index.html index.htm;
    }

    # protect the "secure" folder ( /var/www/html/secure )
    location  /secure/ {
    #location ^~ /secure/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    }

    # updated munin folder to be protected ( /var/www/html/munin )
    location ^~ /munin/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    }

    error_page  404              /404.html;
    location = /404.html {
    } 

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    #   root   /var/www/html;
        try_files $uri =404;
    # the above was inserted to block malicious code uploads, but nginx and
    # the php-fcgi workers must be on the same physical server

        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

#9 falko, 17th March 2013, 12:17

It must be
Code:
root  /var/www/html;

#10 mottwsc, 17th March 2013, 14:06
reposting config file

My mistake there on copying it from a doc (which had other comments) vs. the script. It does have a ; after that statement in the actual script. Just to be safe in communicating, though, I have copied it from the script on the server.

I thought I read somewhere that there had to be extra security statements within the php block, or maybe that the php block had to be within a larger block which had security statements - ever heard of this?

Thanks for any suggestions.

Code:
server {
    listen       80;
    server_name  mm201.myserver.com;

    root  /var/www/html;

    #charset koi8-r;
    #access_log  /var/log/nginx/log/host.access.log  main;

    location / {
    #   root   /var/www/html;
    # this statement allows static content to be served first
        try_files $uri $uri/ /index.php

        index  index.php  index.html index.htm;
    }

    # protect the "secure" folder  ( /var/www/html/secure )
    location /secure/ {
    #   root  /var/www/html;
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    #   auth_basic_user_file /var/www/html/secure/.htpasswd;
    }

    # protect the "munin" folder  ( /var/www/html/munin ) and subfolders
    location ^~ /munin/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    }

    error_page  404              /404.html;
    location = /404.html {
    #   root   /var/www/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    #   root   /var/www/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    #   root    /var/www/html;
        try_files $uri =404;
    # the above was inserted to block malicious code uploads, but nginx and
    # the php-fcgi workers must be on the same physical server

        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}
Reply With Quote
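
An added example, not part of the original thread and not written by either poster: in the configs above, a request for a `.php` file under `/secure/` is handled by the server-level `location ~ \.php$` block, because nginx prefers a matching regex location over a plain prefix location, and that block has no `auth_basic`. One way to close the gap, reusing the thread's own paths and FastCGI address, is to mark the prefix location `^~` and nest a PHP handler inside it so that the handler inherits the authentication settings.

```nginx
server {
    listen       80;
    server_name  mm201.myserver.com;
    root         /var/www/html;
    index        index.php index.html index.htm;

    location / {
        # serve static content first, fall back to the front controller
        try_files $uri $uri/ /index.php;
    }

    # "^~" tells nginx not to consult the server-level regex locations
    # once this prefix matches, so nothing under /secure/ can be picked
    # up by the unauthenticated "location ~ \.php$" block further down.
    location ^~ /secure/ {
        auth_basic            "Restricted";
        auth_basic_user_file  /var/www/protected/.htpasswd;

        # PHP under /secure/ is handled here. This nested location
        # inherits auth_basic from its parent, so credentials are
        # checked before the request is handed to FastCGI.
        location ~ \.php$ {
            try_files      $uri =404;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }

    # PHP everywhere else on the site (no authentication)
    location ~ \.php$ {
        try_files      $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # never serve .htpasswd / .htaccess files
    location ~ /\.ht {
        deny  all;
    }
}
```

After `nginx -t` and a reload, a request without credentials for either an `.html` or a `.php` file under `/secure/` should return 401 rather than content.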