1

I run SugarCRM on a LEMP stack and have it closed down with auth_basic. That works fine, headers show:

WWW-Authenticate:
Basic realm="Username and Password are required"

Some files within SugarCRM have their own built in http auth through PHP, for example ical_server.php which shows in its headers:

WWW-Authenticate:
Basic realm="SugarCRM iCal"
X-Dav-Powered-By:
PHP class: HTTP_WebDAV_Server_iCal

I am attempting to bypass auth_basic for this file, or at least my own realm, the first one shown above.

location = /ical_server.php {
       auth_basic "off";
}

However, this switches off both realms. In other words, it switches off auth_basic altogether, indiscriminately.

Is there a way to selectively switch off a http basic authentication realm of choice? The Nginx documentation seems to suggest there isn't, if that's true, then is there another, perhaps roundabout way to accomplish this?

Such as a regex for switching on my realm in the first place?

Pseudocode:

location != /ical_server.php {
auth_basic "Username and Password are required";
auth_basic_user_file /var/web/webaddress.tld/private/.htpasswd;

}

Though I don't think negative matching is possible.

Any ideas?

JayMcTee
  • 3,763
  • 12
  • 20

1 Answers1

0

You may define two locations :

location /ical_server.php {

}
location / {
        auth_basic "Username and Password are required";
        auth_basic_user_file /var/web/webaddress.tld/private/.htpasswd;
}
Eric Ly
  • 373
  • 2
  • 13
  • Thank you, it was indeed as straight-forward as that. It keeps boggling my mind when Nginx takes the first matching location and when it takes the last, or any other in between, to execute. – JayMcTee Apr 16 '15 at 13:09
  • I'm still on the case (; Nginx seems to select the first location that match with the request and does not compute anything else. – Eric Ly Apr 16 '15 at 13:22