I run SugarCRM on a LEMP stack and have it closed down with auth_basic. That works fine, headers show:
WWW-Authenticate:
Basic realm="Username and Password are required"
Some files within SugarCRM have their own built in http auth through PHP, for example ical_server.php which shows in its headers:
WWW-Authenticate:
Basic realm="SugarCRM iCal"
X-Dav-Powered-By:
PHP class: HTTP_WebDAV_Server_iCal
I am attempting to bypass auth_basic for this file, or at least my own realm, the first one shown above.
location = /ical_server.php {
auth_basic "off";
}
However, this switches off both realms. In other words, it switches off auth_basic altogether, indiscriminately.
Is there a way to selectively switch off a http basic authentication realm of choice? The Nginx documentation seems to suggest there isn't, if that's true, then is there another, perhaps roundabout way to accomplish this?
Such as a regex for switching on my realm in the first place?
Pseudocode:
location != /ical_server.php {
auth_basic "Username and Password are required";
auth_basic_user_file /var/web/webaddress.tld/private/.htpasswd;
}
Though I don't think negative matching is possible.
Any ideas?
Best Answer
You may define two locations :