0

The site is using php 5.6.40 FPM by NGINX on Centos 7.8.2033 - Plesk Onyx 17.8.11

  • The site is hosted on https://boutique.domaine.fr

  • The admin console can be accessed through : https://https://boutique.domaine.fr/admin

  • I used by the past Apache and .htaccess and .htpasswd were fine.

I absolutely need to protect this admin area by an existing .htpasswd I do not want to use SSH as I am not used to it.

I tried:

location ^~ /admin { 
    auth_basic "Restricted";
    auth_basic_user_file /var/www/vhosts/domaine.fr/boutique/admin/.htpasswd;
}

But this does not do the trick.

Mohamed Benkedadra
  • 1,964
  • 3
  • 21
  • 48
YDA
  • 1
  • 1

1 Answers1

0

Maybe this works, it denies the other connections unless they are properly authenticated.

location ^~ /admin { 
deny all;
auth_basic "Restricted";
auth_basic_user_file /var/www/vhosts/domaine.fr/boutique/admin/.htpasswd;
}

If it doesn't work you also have the option to restrict the directory by IP, which is simpler and provides security.

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/#combining-basic-authentication-with-access-restriction-by-ip-address

Luis13
  • 81
  • 4