nginx location directive

**nfn** · 01-20-2009 10:42 AM

Hi,

I'm trying to protect vbseocp.php and other locations in nginx using this directive, but doesn't work:

# vBSeo CP
location /forum/vbseocp.php/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
}

Do you know if it's possible to add more than one location in the same directive:

location ~ ^/forum(admincp|modcp|vbseocp.php)/ {

As was looking to add another level of protection to admincp, modcp and vbseocp.php, bur the above example doesn't work :(

Anyone knows?

Thanks

**Oleg Ignatiuk** · 01-20-2009 12:40 PM

Please try to remove ending slash:
location /forum/vbseocp.php {

**nfn** · 01-20-2009 12:53 PM

I already saw that, but it doesn't work.
Do you know if I can place multiple directives like this:

location ~ ^/forum(admincp|modcp|vbseocp.php)/ {

**Oleg Ignatiuk** · 01-20-2009 01:36 PM

Yes, this is allowed: NginxHttpCoreModule - Nginx Wiki

**nfn** · 01-27-2009 09:36 AM

I'm having some troubles adding a 2nd level of protection using auth I discover that there is a strange behavior in the way we do this.

Code:

location /forum/admincp/ {
        auth_basic            "Restricted";
        auth_basic_user_file  htpasswd;
}

The above example as this behavor:

/forum/admincp -> Is protected
/forum/admincp/ -> Is protected
/forum/admincp/index.php -> Is not protected

This is very odd.

Next ... I would like to protect in one rule /forum/admincp/ | /forum/admincp/ | /forum/vbseco.php but I cant get it to work

You can see my actual configuration for this vhost in the attachment.

**Oleg Ignatiuk** · 01-27-2009 07:23 PM

Please check if it works with vBSEO rewrite rules temporarily removed (may be they are conflicting).
Also, try to put auth section at the bottom of config (below rewrite rules).

**nfn** · 01-27-2009 07:56 PM

Ok ..

Removing vBSeo rules has the same behavior.
Placing in the bottom as the same behavior.
Tested in another domain in the same server has a similar behavior.
Tested locally in my local server and using the default configuration works.

Is my nginx configuration attached ok?

**Oleg Ignatiuk** · 01-27-2009 10:40 PM

Yes, the config looks ok. Try to change auth section to:

Code:

        location ~ /forum/admincp/.* {
                auth_basic            "Restricted";
                auth_basic_user_file  htpasswd;
        }

**nfn** · 01-28-2009 04:49 AM

Hi Oleg

After some tests, I think this is a conflict with FastCGI. If i try admincp/index.php or other .php file, it fails.
With other extensions, I don't have problems; ex: admincp/file.txt or admincp/thisisafile.html

**nfn** · 01-28-2009 05:22 AM

Confirmed ...
I removed the FastCGI directive, everything will be as expected:

Code:

location ~ \.php$ {
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_index   index.php;
        fastcgi_param   SCRIPT_FILENAME  /home/xxxxx/public$fastcgi_script_name;
        include         fastcgi_params;
}

**Oleg Ignatiuk** · 01-28-2009 11:17 AM

And that's even with auth section moved to the bottom? If you can provide us with server access details via support ticket, we'll check this further.

**Oleg Ignatiuk** · 01-29-2009 09:54 AM

Update.

I've used this for auth section (at the top of config):

Code:

        location ~ /forum/(admincp/|modcp/|vbseocp\.php).* {
                root    /home/***/public/;
                auth_basic            "Restricted";
                auth_basic_user_file  htpasswd;
       }

and updated second vBSEO rewrite section to:

Code:

        if ($request_filename ~ "\.php$" ) {
        rewrite  ^(.*(admincp/|modcp/|vbseocp\.php).*) $1 last;
        rewrite ^(/forum/.*)$ /forum/vbseo.php last;
      }

and that worked.

**nfn** · 01-29-2009 02:06 PM

Hi Oleg,

Thanks for your help once again. Now it's works as it should

I take the liberty to place here a fully functional nginx vhost for vBulletin & vBSeo with an additional layer of security using a protected area for admincp, modcp and vbseocp.php.

Code:

server {
        listen   80;
        server_name  example.com;
        rewrite ^/(.*) http://www.example.com/$1 permanent;
}

server {
        listen   80;
        server_name www.example.com;

        access_log /home/www/public_html/example.com/logs/access.log;
        error_log /home/www/public_html/example.com/logs/error.log;

        root   /home/www/public_html/example.com/public/;
        index  index.html index.php;

        # vBulletin & vBSeo Restricted
        location ~ /forum/(admincp/|modcp/|vbseocp\.php).* {
                root    /home/www/public_html/example.com/public/;
                auth_basic            "Restricted";
                auth_basic_user_file  htpasswd;
        }

        # FastCGI
        location ~ \.php$ {
                fastcgi_pass    127.0.0.1:9000;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME  /home/www/public_html/example.com/public$fastcgi_script_name;
                include         fastcgi_params;
        }

        # Expire Header for Images
        location ~* ^.+.(jpg|jpeg|gif|png|ico|css|js)$ {
                root    /home/www/public_html/example.com/public/;
                access_log      off;
                expires 30d;
        }

        # vBSeo - Start
        location /forum/ {

                rewrite ^/forum/((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ /forum/vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 last;

                if (!-e $request_filename) {
                        rewrite ^(/forum/.*)$ /forum/vbseo.php last;
                }

        }

        if ($request_filename ~ "\.php$" ) {
                rewrite  ^(.*(admincp/|modcp/|vbseocp\.php).*) $1 last;
                rewrite ^(/forum/.*)$ /forum/vbseo.php last;
        }
        # vBSeo - End
}

Note:the path's must be edited to match your configuration
Reference for http_auth module: NginxHttpAuthBasicModule - Nginx Wiki

**webwizzy** · 03-06-2009 08:00 PM

Originally Posted by Oleg Ignatiuk

Update.

I've used this for auth section (at the top of config):

Code:

        location ~ /forum/(admincp/|modcp/|vbseocp\.php).* {
                root    /home/***/public/;
                auth_basic            "Restricted";
                auth_basic_user_file  htpasswd;
       }

and updated second vBSEO rewrite section to:

Code:

        if ($request_filename ~ "\.php$" ) {
        rewrite  ^(.*(admincp/|modcp/|vbseocp\.php).*) $1 last;
        rewrite ^(/forum/.*)$ /forum/vbseo.php last;
      }

and that worked.

Hello,

Two questions please:-

1. Where does the htpasswd file resides?

2. And in the second part of the code - What does the highlighted part does? Is it necessary?

Thanks

**Oleg Ignatiuk** · 03-06-2009 08:16 PM

1. It's relative to nginx config folder.

2. It tells vBSEO NOT to process requests that are protected.

nginx location directive

LinkBack

Thread Tools

Display

nginx location directive

Similar Threads

Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden

nginx

nginx

Unable to match directive-apache update error

Posting Permissions