Password lock site except for certain routes running nginx

Question

We have a server we don't want Google to index or anyone else to get access to unless they have a password.

How can I directory lock the entire server except for very specific routes used by external scanning services?

For instance, example.com/test should output a response from the framework without blocking but any other URL should ask for a password to get any content response.

I know how to do this with Apache using .htpasswd, but I need to be able to do it on nginx while whitelisting a specific route.

score 3 · Accepted Answer · answered Sep 20 '18 at 04:23

This will enable /test/ to respond without needing any authentication and every other request will need authentication.

server {

  auth_basic      "Administrator Login";
  auth_basic_user_file  /var/www/static/.htpasswd;

  location /test/ {
    auth_basic off;
  }

}

score 1 · Answer 2 · answered Sep 20 '18 at 04:16

1

Like this:

server {
    ...
    auth_basic "Enter password";
    auth_basic_user_file path/to/htpasswd;

    location /test/ {
        auth_basic off;
    }
}

answered Sep 20 '18 at 04:16

miknik

5,748
1
10
26

Password lock site except for certain routes running nginx

2 Answers2