Posted by superfedya on August 18, 2012 at 3:15pm
Hi,
It works great for really existed /admin path, but in Drupal it doesn't exist, so I cannot protect admin directory with htpasswd.
Any fix or suggestion?
Thanks
htpasswd doesn't works for /admin path
Comments
Have you read
Have you read http://wiki.nginx.org/HttpAuthBasicModule?
yes and it works for the real
yes and it works for the real directory. /admin for drupal isn't real directory.
It doesn't matter
it works with URIs not real files. In drupal URIs are not files in general.
location ^~ /admin {auth_basic "Restricted access"; #realm
auth_basic_file .htpasswd; # .htpasswd is the user-password file
}
Doesn't works, after
Thanks
Doesn't works, after authorization: 404 Not Found on admin page.
I assume you're on D7? Is
I assume you're on D7? Is this true? If so try:
location ^~ /admin {auth_basic "Restricted access"; #realm
auth_basic_file .htpasswd; # .htpasswd is the user-password file
try_files $uri @drupal;
}
If you're looking for maximum performance, then:
location ^~ /admin {auth_basic "Restricted access"; #realm
auth_basic_file .htpasswd; # .htpasswd is the user-password file
## Include the FastCGI config.
include fastcgi_drupal.conf;
fastcgi_pass phpcgi;
}
Note: untested the later option.
No, Drupal 6 :(
No, Drupal 6 :(
For drupal 6
just replace:
try_files $uri @drupal;by
try_files $uri /index.php;It should work.
Doesn't work: 403
Doesn't work: 403 Forbidden
This line is incorrect: auth_basic_file, must be: auth_basic_user_file
but it doesn't work anyway :(
I find the 403
strange. Are you sure that the password file is readable by the server?
location ^~ /admin {auth_basic "Restricted access"; #realm
auth_basic_user_file .htpasswd; # .htpasswd is the user-password file
## Include the FastCGI config.
include fastcgi_drupal.conf;
fastcgi_pass phpcgi;
}
same problem here
having the same behavior as superfedya
the htpasswd is def readable!
is there a known bug on this or something?
ouch...are you sure you want
ouch...
are you sure you want to do it like that ?
If I access your site with the following url: http://site/q=admin/whatever, I will be able to access your admin section if you don't redirect q= urls to clean urls.
You must have the nginx to rewrite to the clean URL before calling the php engine!
Another way around this is to have two domains (site and admin.site), disable admin URLs completely with redirection on main site and block admin.site with an htaccess.
Are you sure that the
Yes and it works fine for existing directory, but now for drupal's admin path :(
Just tested with
location ^~ /admin {auth_basic "Restricted access"; #realm
auth_basic_user_file .htpasswd; # .htpasswd is the user-password file
try_files $uri /index.php?q=$no_slash_uri&$args;
}
and it works perfectly on a D6 site.
I'll add it to my config as an option. Both for D6 and D7.
Yes it works fine, thank you!
Yes it works fine, thank you!
It works, but Drupal admin
It works, but Drupal admin page show error. Problem in HTTPRL module that use admin path for test purpose: admin/httprl-test
There is a way to add a exception for this path? admin/httprl-test***
Thanks
Followup
I've adjusted the httprl module so that it no longer uses the admin/httprl-test url