Nginx:如何从 htpasswd 授权中排除带有查询参数的 URL

Nginx:如何从 htpasswd 授权中排除带有查询参数的 URL

wordpress 网站的 /wp-login.php 使用 htpasswd 进行 HTTP 授权保护。Web 服务器是 Nginx。其配置如下。

与插件关联的 URL 使用 wp-login.php?query-parameters 来管理内部用户。URL 示例如下:
http://beta.timepass.com/wp-login.php?action=wordpress_social_authenticate&mode=login&provider=Facebook

我需要仅允许那些与查询参数匹配的 URLaction=wordpress_social_authenticate绕过 htpasswd。我尝试了几种方法,但毫无进展!Nginx 不接受auth_basic "off"其 if 条件。

Nginx 配置参考:

server {
  listen 80;
  server_name beta.timepass.com;
  root /var/www/projects/beta.timepass.com;
  index index.php index.html index.htm;
  autoindex off;
  access_log /var/log/nginx/beta.timepass.com-access.log;
  error_log /var/log/nginx/beta.timepass.com-error.log;


  try_files $uri $uri/ /index.php?$args;


## Disallow direct access to wp-login.php
    location ~* ^/wp-login.php {
        #satisfy any;
        #allow 192.168.1.0/24;
        allow 192.168.1.157;
        auth_basic "Site Needs You to Authenticate";
        auth_basic_user_file /etc/nginx/htpass-beta ;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  location ~ \.php$ {
    expires off; ## Do not cache dynamic content
    #add_header Pragma public;
    #add_header Cache-Control "public, max-age=300";

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www/projects/beta.timepass.com$fastcgi_script_name;
    fastcgi_read_timeout 60s;
  }

}

答案1

你应该使用地图因为auth_basic指令允许使用变量。

例如 :

map $arg_action $auth {
     default "Site Needs You to Authenticate";
     "wordpress_social_authenticate" "off";
}


server {

    [...]

    location ~* ^/wp-login.php {

        auth_basic $auth;
        auth_basic_user_file /etc/nginx/htpass-beta ;

        [ ...]

    }

}

相关内容