Protect folder and all files/subdirectories with htpasswd in nginx

Question

This is so weird - I am trying to password protect a folder in nginx, and it's sorta working... here is my config block:

        location /private/ {
                auth_basic "Restricted";
                auth_basic_user_file /usr/share/nginx/htpasswd;
                index index.php;
        }

...and when I visit http://example.com/private, I am prompted for an .htaccess password (good), but BEHIND that prompt I see the browser partially loading the page (some broken HTML and images)-- obviously very bad. It seems like the images subfolder is being allowed through, even before the user enters a user/pass.

How can I prevent the /private dir (and EVERYTHING under it) from being served before the user gives the correct user/pass?

Have all caches been cleared (browser, intermediary/proxy)? Check the Network tab in the browser dev tools to examine the requests. What request/response headers are you seeing? Is everything stored within the `/private` subdirectory, or are images and other static resources stored outside of this? Your use of the term `.htaccess` (with which you have also tagged the question?) is confusing - this should have nothing to do with `.htaccess`? — MrWhite, Apr 08 '19 at 10:19
You're right - my bad on `.htaccess` and I removed it. I'll check the network settings and cache issues. — Eric, Apr 08 '19 at 11:35

Protect folder and all files/subdirectories with htpasswd in nginx

0 Answers0