• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved nginx and access static files after authentification

L. Hagen

L. Hagen

Basic Pleskian
Hello,

I discovered a new problem with nginx and hope again, that somebody of you can give me a help.
Background:
  • nginx as proxy for apache (Plesk Odin & Umbuto)
  • a password restricted area /admin
  • a directory with a huge amount of photos /photo
  • directory permissions are set to 755 und files to 644
When using the website as a normal visitor I can access (<img> or <a>) the images in /photo. But when I entered the restricted user area and have been successfully logged in I get a 403 Permission denied. I'm totally confused now. Does anybody has an idea (or much better a solution), please?

thank you and best regards,
Lars
 
Hi L. Hagen,

are you aware, that NGINX as well as APACHE use for example:

Apache:
Code: 
        <Directory "/var/www/vhosts/YOUR-DOMAIN.COM/httpdocs/YOUR-SECURED-FOLDER">
            AuthType Basic
            AuthName "Secure Login"
            AuthUserFile "/var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs"
            require valid-user
        </Directory>

NGINX:
Code: 
    location ~ ^/YOUR-SECURED-FOLDER {
        auth_basic "Secure Login";
        auth_basic_user_file "/var/www/vhosts/system/YOUR-DOMAIN.COM/pd/d..httpdocs";

        location ~ \.php(/.*)?$ {
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_pass "unix:///var/www/vhosts/system/YOUR-DOMAIN.COM/php-fpm.sock";
            include /etc/nginx/fastcgi.conf;
        }

Plesk offers the possibilty to add needed modifications in your webserver configuration files for "Password-Protected Directories" at:

=> HOME > Domains > YOUR-DOMAIN.COM > Password-Protected Directories

Consider to use the Plesk feature, to avoid misconfigurations in your webserver configuration files. ;)
 
Hi UFHH01,

sorry for my late response but thank you for your help! Today I noticed that I was a bit stupid, becuase I had some old .htaccess rules active, that worked on http:// but at the same time I switched to nginx on my live system I changed my system to "https://". So the access was forbidden... DAMN :)

best regards,
Lars
 
You must log in or register to reply here.

Similar threads

E
How to Set up Your WordPress Website Security
Replies
0
Views
2K
Elvis Plesky
E
R
Plesk 12.5.30: nginx gives 403 forbidden on images after upgrade from 11.x
2
Replies
30
Views
22K
gennolo
gennolo
Back
Top