Exclude URL from HTTP AUTH ACL

Hi,

I’m trying to configure the following setup.

  • I’ve a staging environment: staging.example.com
  • I have put it behind HTTP AUTH with the following config in my nginx conf file:
include common/acl.conf;

I’ve tried various combinations of the following with location regex configs but have not succeeded in this.

  • auth_basic off;
  • allow all;
  • satisfy any;

Is what I’m trying to achieve possible, or am I doing something wrong in nginx concepts?

Hope anyone can help out here.

@uditdesairtcamp

You can add some rules like below:

location =  /wp-json/pages {
   auth_basic off;
   allow all;
}

location = /gravityformsapi/forms/{id}/submissions {

   auth_basic off;
   allow all;
}

@harshadyeola

It did not work. The URL gives 404 with the above rules. My site config file is as follows:

# WPSINGLE W3 TOTAL CACHE NGINX CONFIGURATION

server {

    server_name staging.example.com www.staging.example.com;

    access_log   /var/log/nginx/staging.example.com.access.log rt_cache;
    error_log    /var/log/nginx/staging.example.com.error.log;

    root /var/www/staging.example.com/htdocs;
    index index.php index.htm index.html;

    include common/php.conf;
    include common/wpcommon.conf;
    include common/locations.conf;

    include common/acl.conf;

    location = /wp-json/pages {
            auth_basic off;
            allow all;
    }
}

@uditdesairtcamp

Can you modify the above rules slightly, like this?

 location ~ /wp-json/pages(.*) {
            auth_basic off;
            allow all;
   }

@uditdesairtcamp I think you need to add a PHP-based upstream to other locations which need to be handled by PHP/WordPress.

Can you try something like below?

 include common/acl.conf;

    location = /wp-json/pages {
            include common/php.conf;
            auth_basic off;
            allow all;
    }

Yeah, @rahul286. I had tried adding php.conf in sub-query. But it gave the following error.

nginx: [emerg] location "/" cannot be inside the exact location "/wp-json/pages" in /etc/nginx/common/php.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

@harshadyeola With ~ /wp-json/pages(.*), it again went to 404.

With the above two in combination, it gave the following error:

nginx: [emerg] location "/" is outside location "/wp-json/pages(.*)" in /etc/nginx/common/php.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

I feel, is it the combination of how EasyEngine is placing all the rules?

I may have to take out a separate php.conf & maybe location.conf, and update my rules over there? To keep it specifically for this site. Otherwise, directly updating common/php.conf & common/location.conf won’t be a good idea.

Try something like below:

 location = /wp-json/pages {
            try_files $uri =404;
            include fastcgi_params;
            fastcgi_pass php;     
            auth_basic off;
            allow all;
    }

Nah. Hard luck. It’s giving 404 for the following URL.

staging.example.com/wp-json/pages?filter[name]=home

And it is asking for the auth password for the following one.

staging.burgerfi.com/wp-json/pages/

Some updates:

WP JSON API has its own rewrite rule for this.

^wp-json/?$	index.php?json_route=/
^wp-json(.*)?	index.php?json_route=$matches[1]

So I updated the conf as follows:

location ^~ /wp-json/pages {
    try_files $uri /index.php?json_route=pages&$args;
    include fastcgi_params;
    fastcgi_pass php;
    auth_basic off;
    allow all;
}

After this, it stopped giving 404 Not Found. That means it could at least detect the valid URL, but it was still asking for the auth password.

I enabled the nginx debug mode and checked the logs.

The logs showed me that in the end nginx was using the following configuration.

2015/07/07 19:59:28 [debug] 11324#0: *32694 using configuration "\.php$"

which boiled down to the one which was defined in common/php.conf and not the one I defined.

I specifically put ^~ to stop searching for other rules, but hard luck. No success.
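The behaviour described in the post above (the ^~ location is selected first, yet the debug log ends with using configuration "\.php$") can be reproduced with a small model of nginx location selection. This is an added example, not part of the original thread; the location table is constructed, and it assumes common/acl.conf enables auth_basic at server level and that try_files always falls through to /index.php because no matching file exists on disk.

```python
import re

# Constructed model of the server block in the thread. Assumption: acl.conf is
# included at server level, so every location inherits auth_basic unless it
# sets `auth_basic off` itself.
LOCATIONS = [
    # (modifier, pattern, auth_required, try_files fallback or None)
    ("",   "/",              True,  "/index.php"),  # assumed WordPress fallback
    ("^~", "/wp-json/pages", False, "/index.php"),  # the override from the post
    ("~",  r"\.php$",        True,  None),          # from common/php.conf
]

def select_location(uri):
    """nginx order: exact match, longest prefix, then regexes in file order."""
    for loc in LOCATIONS:
        if loc[0] == "=" and loc[1] == uri:
            return loc
    prefixes = [l for l in LOCATIONS if l[0] in ("", "^~") and uri.startswith(l[1])]
    best = max(prefixes, key=lambda l: len(l[1]), default=None)
    if best and best[0] == "^~":
        return best  # ^~ skips the regex pass for THIS lookup only
    for loc in LOCATIONS:
        if loc[0] in ("~", "~*"):
            flags = re.I if loc[0] == "~*" else 0
            if re.search(loc[1], uri, flags):
                return loc
    return best

def handle(uri, authenticated=False, max_redirects=10):
    """Follow internal redirects; the access phase runs again in each location."""
    trace = []
    for _ in range(max_redirects):
        loc = select_location(uri)
        trace.append(loc[1])
        if loc[2] and not authenticated:
            return 401, trace  # auth_basic inherited by this location
        if loc[3] is None or loc[3] == uri:
            return 200, trace
        uri = loc[3]  # try_files fallback: internal redirect, location re-selected
    return 500, trace

if __name__ == "__main__":
    print(handle("/wp-json/pages"))  # 401 raised in \.php$, not in the override
```

The override location passes its own access check, but the internal redirect to /index.php triggers a fresh location lookup in which ^~ no longer applies, so the request is authenticated again under the \.php$ block.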

Move the original include common/acl.conf; inside location /

I think that might solve your problem.

Hi @uditdesairtcamp

I hope your issue has been satisfactorily resolved. If not, please revert back, or else this topic will be closed after a duration of 48 hours.

Thanks.