* Added basic auth protection for /admin URIs.

perusio · Jun 11, 2013 · 04019e8 · 04019e8
1 parent 9535984
commit 04019e8
Show file tree

Hide file tree

Showing 9 changed files with 59 additions and 0 deletions.
diff --git a/apps/drupal/admin_basic_auth.conf b/apps/drupal/admin_basic_auth.conf
@@ -0,0 +1,12 @@
+# -*- mode: nginx; mode: flyspell-prog;  ispell-local-dictionary: "american" -*-
+
+## Protect the /admin URIs with a basic auth.
+location ^~ /admin {
+    auth_basic "Restricted access"; #realm
+    auth_basic_user_file .htpasswd-users;
+
+    ## Include the specific FastCGI configuration. This is for a
+    ## FCGI backend like php-cgi or php-fpm.
+    include apps/drupal/fastcgi_drupal.conf;
+    fastcgi_pass phpcgi;
+}
diff --git a/apps/drupal/drupal.conf b/apps/drupal/drupal.conf
@@ -213,6 +213,12 @@ location / {
 
 ########### Security measures ##########
 
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
+
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location @drupal {

diff --git a/apps/drupal/drupal6.conf b/apps/drupal/drupal6.conf
@@ -215,6 +215,12 @@ location / {
 
 ########### Security measures ##########
 
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
+
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location = /index.php {

diff --git a/apps/drupal/drupal6_escaped.conf b/apps/drupal/drupal6_escaped.conf
@@ -222,6 +222,11 @@ location / {
 }
 
 ########### Security measures ##########
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
 
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.

diff --git a/apps/drupal/drupal_boost.conf b/apps/drupal/drupal_boost.conf
@@ -247,6 +247,12 @@ location @cache {
 
 ########### Security measures ##########
 
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
+
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location @drupal {

diff --git a/apps/drupal/drupal_boost6.conf b/apps/drupal/drupal_boost6.conf
@@ -282,6 +282,12 @@ location @no_cache {
 
 ########### Security measures ##########
 
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
+
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location = /index.php {

diff --git a/apps/drupal/drupal_boost6_escaped.conf b/apps/drupal/drupal_boost6_escaped.conf
@@ -290,6 +290,12 @@ location @no_cache {
 
 ########### Security measures ##########
 
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
+
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location = /index.php {

diff --git a/apps/drupal/drupal_boost_escaped.conf b/apps/drupal/drupal_boost_escaped.conf
@@ -250,6 +250,12 @@ location @cache {
 
 ########### Security measures ##########
 
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
+
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location @drupal {

diff --git a/apps/drupal/drupal_escaped.conf b/apps/drupal/drupal_escaped.conf
@@ -216,6 +216,12 @@ location / {
 
 ########### Security measures ##########
 
+## Uncomment the line below if you want to enable basic auth for
+## access to all /admin URIs. Note that this provides much better
+## protection if use HTTPS. Since it can easily be eavesdropped if you
+## use HTTP.
+#include apps/drupal/admin_basic_auth.conf;
+
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location @drupal {