http://www.saigonist.com/taxonomy/term/376/all en http://www.saigonist.com/b/bypass-basic-auth-localhost-nginx <p>During development sometimes I hide a server behind a shared password for http basic auth, based on an Apache configuration (if you still want to use .htpasswd but don't have Apache and htpasswd installed you can still generate the password entries using openssl). nginx can use the same format of .htpasswd files by using the HttpAuthBasicModule. But sometimes I need a service to crawl pages on the server (for example Drupal's linkchecker module). And sometimes storing the basic auth login and password in a script isn't wanted or advisable. Instead we can configure nginx to skip authentication when connecting from localhost/127.0.0.1.</p> <p>Open up your nginx configuration which already contains your auth_basic directives. Assuming you are running a PHP site and you have a "location ~ \.php$" block, make it look more like this:</p> <p><div class="geshifilter"><pre class="javascript geshifilter-javascript" style="font-family:monospace;">location ~ \.<span style="color: #660066;">php</span>$ <span style="color: #009900;">&#123;</span> satisfy any<span style="color: #339933;">;</span> allow 127.0.0.1<span style="color: #339933;">;</span> deny all<span style="color: #339933;">;</span> &nbsp; auth_basic <span style="color: #3366CC;">&quot;Restricted&quot;</span><span style="color: #339933;">;</span> auth_basic_user_file <span style="color: #339933;">/</span>yoursite<span style="color: #339933;">/</span>path<span style="color: #339933;">/</span>.<span style="color: #660066;">htpasswd</span><span style="color: #339933;">;</span> <span style="color: #009900;">&#125;</span></pre></div></p> <p>Remember that the order of the allow/deny directives matters. More on the nginx_http_access_module module.</p> http://www.saigonist.com/b/bypass-basic-auth-localhost-nginx#comments Tech basic auth htaccess localhost nginx Sun, 30 Sep 2012 17:45:39 +0000 tomo 548 at http://www.saigonist.com