How to restrict NGINX rewrite 'location' with auth_basic_user_file

Question

I have the following location block in my NGINX server block:

location ~ ^/admin {
  auth_basic "Restricted";
  auth_basic_user_file /etc/nginx/.htpasswd;
  if (!-e $request_filename){
      rewrite ^(.*)$ /index.php?uri=$1;
  }
}

But it doesn't work. The /etc/nginx/.htpasswd file exists and was generated using the htpasswd command:

sudo htpasswd -c /etc/nginx/.htpasswd admin

I've done this before but it just stopped working this time. The only difference this time is that I'm trying to do auth_basic_user_file inside of a rewrite block this time.

Dayo · Accepted Answer · 2020-06-12T05:54:46.190

1

That config will not work because the rewrite phase, if XYZ, will always run before the access phase, auth_XYZ, regardless of how you arrange them in the location block.

See Nginx Phase Order

You need to add the authentication requirement to your php block in addition to the one you already have.

edited Jun 12 '20 at 05:54

answered Feb 05 '15 at 19:19

Dayo

12,413
5
52
67

How to restrict NGINX rewrite 'location' with auth_basic_user_file

1 Answers1