nginx auth_basic

Question

I have a problem with NGINX basic_auth.

I want to secure all my website and exclude one location.

website.fr = secure website.fr/commande/validation/summary = unsecure

It works but when i cancel authentification, display website without CSS. I want to have a 401 error authentification required.

Can you help me please?

Here my nginx.conf

server {
    listen   80; ## listen for ipv4; this line is default and implied
    server_name website.fr;

    access_log  /var/log/nginx/localhost.access.log;
    error_log  /var/log/nginx/localhost.error.log;

    root /var/www/website/web;
    index app_test.php
    # Limitation d'accés
    client_max_body_size 20M;
    #Default Location
    location / {
            #auth_basic "protection";
            #auth_basic_user_file /var/www/website/web/.htpasswd;
            root /var/www/actuanimau

x/web;
                index app_test.php;
                auth_basic "protection";
                auth_basic_user_file /var/www/website/web/.htpasswd;

                if (-f $request_filename) {


                break;
                }



                rewrite "^/([a-zA-Z]{0,10})\/?media\/(tmp|user|animal|article|association|common_content|event|product)\/(.{36})\/.*_(min|moy|med|small|photo|zoom|pano)\.(.{3,4})$" /$1/media/$2/$3_$4.$5 break;
                rewrite "^/([a-zA-Z]{0,10})\/?media\/(tmp|user|animal|article|association|common_content|event|product)\/(.{36})\/.*\.(.{3,4})$" /$1/media/$2/$3.$4 break;

                rewrite "^/([a-zA-Z]{0,10})\/?upload\/(animal|association|ckeditor)\/(.{36})\/.*\.(.{3,4})$" /$1/upload/$2/$3.$4 break;


                rewrite ^(.*)$ /app_test.php last;

        }

        ## Images and static content is treated different
        location ~* ^(media|upload)/[^/]+/[^/]+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
                access_log        off;
                expires           30d;
                root /var/www/website/web;
        }

        ## Parse all .php file in the /var/www directory
        location ~ .php$ {
                satisfy any;
                #auth_basic "Authentification Required";
                #auth_basic_user_file /var/www/website/web/.htpasswd;

                fastcgi_split_path_info ^(.+\.php)(.*)$;
                fastcgi_pass   backend;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  /var/www/website/web/$fastcgi_script_name;
                include fastcgi_params;
                fastcgi_param  QUERY_STRING     $query_string;
                fastcgi_param  REQUEST_METHOD   $request_method;
                fastcgi_param  CONTENT_TYPE     $content_type;
                fastcgi_param  CONTENT_LENGTH   $content_length;
                fastcgi_intercept_errors        on;
                fastcgi_ignore_client_abort     off;
                fastcgi_connect_timeout 60;
                fastcgi_send_timeout 128;
                fastcgi_read_timeout 128;
                fastcgi_buffer_size 256k;
                fastcgi_buffers 4 256k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
    }

        location = ~/commande/validation/summary {
        auth_basic off;
        allow all;
        }
        ##Disable viewing .htaccess & .htpassword
        location ~ /\.ht {
                #deny  all;
                allow all;
        }



upstream backend {
        server 127.0.0.1:9000;
}

Answer 1

You will need to repeat the auth_basic directives inside the location block for your PHP, too. They are not "inherited". Nginx uses only the most specific match.