401 Unauthorized
Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource.
To achieve this, you can add a new location and restrict it with a htaccess. Create htaccess file with htpasswd -c /etc/nginx/htpasswd/htpasswd.domain username
. Then add a new location to your nginx config and inside that location, put these:
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/htpasswd.domain;
Now if you go tot he location specified by you and the auth_basic was implemented, then the website will ask for a username and password. If you enter incorrect data, it will drop you the 401 error code.
403 Forbidden
The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
Just add a new location that you have and deny access to it and tell NginX to return a specific error code.
location ~ /(dir1|dir2|dir3) {
deny all;
return 403;
}
404 Not Found
The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible.
Similar to the previous version:
location ~ /(dir1|dir2|dir3) {
deny all;
return 404;
}
This should deny your access to that location with a 404.
Obviously restart NginX as the last step. for each modifications.
In theory it is enough if you just add all the locations and always return different error codes.