DO Ideas 2

Security concern in tutorial regarding nginx and http basic auth

Hello,

I read your tutorial: https://www.digitalocean.com/community/tutorials/how-to-set-up-http-authentication-with-nginx-on-ubuntu-12-10

I would urge you to add the following lines to the nginx config for security reasons:

location ~ ^/\.ht {
    deny all;
}

Otherwise anyone can just go and download the htpasswd file. I think this is especially important since the tutorial is directed at beginners who might not know this.

  • Joakim Reinert
  • Sep 11 2018
  • Will not implement
  • Sep 11, 2018

    Admin Response

    Hi! Thank you for catching that! That does seem to be a concerning oversight. I've updated the article, fixing it in a different way. Do you have a DigitalOcean account? Drop me a line at asb@digitalocean.com. Thanks again!
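
An added example, not part of the original post, the admin response or the tutorial: a small Python check that reads an nginx config and reports password files that sit under a document root with no regex location denying access to them. The paths and sample configs are constructed, the function name is hypothetical, the parsing is a simplified regex pass rather than a full nginx parser, and it does not model whether the resulting URI is itself behind authentication.

```python
import posixpath
import re

# Regex locations whose flat (non-nested) body contains "deny all;".
DENY_RE = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{[^{}]*\bdeny\s+all\s*;[^{}]*\}")
ROOT_RE = re.compile(r"^\s*root\s+([^;\s]+)\s*;", re.M)
AUTH_FILE_RE = re.compile(r"^\s*auth_basic_user_file\s+([^;\s]+)\s*;", re.M)


def exposed_password_files(conf):
    """Return URIs at which a configured password file sits under a document
    root and is not covered by any regex location that denies all requests."""
    roots = [posixpath.normpath(r) for r in ROOT_RE.findall(conf)]
    # Python's re stands in for PCRE here; fine for simple patterns like these.
    denies = [re.compile(pat, re.I if mod == "~*" else 0)
              for mod, pat in DENY_RE.findall(conf)]
    exposed = []
    for path in AUTH_FILE_RE.findall(conf):
        path = posixpath.normpath(path)
        for root in roots:
            prefix = root.rstrip("/")
            if not path.startswith(prefix + "/"):
                continue  # password file lives outside this document root
            uri = path[len(prefix):]
            if not any(d.search(uri) for d in denies):
                exposed.append(uri)
    return exposed


# Constructed sample configs (hypothetical paths, not taken from the tutorial).
NO_RULE = """
server {
    root /var/www/example;
    location /admin/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/example/.htpasswd;
    }
}
"""
# Same server with the rule from the post added.
WITH_RULE = NO_RULE.replace(
    "location /admin/", "location ~ ^/\\.ht {\n        deny all;\n    }\n    location /admin/")
# Password file kept outside the document root: nothing to serve.
OUTSIDE_ROOT = NO_RULE.replace("/var/www/example/.htpasswd", "/etc/nginx/.htpasswd")
# The posted pattern is anchored at "^/", so a file one directory down is not covered.
SUBDIR = WITH_RULE.replace("/var/www/example/.htpasswd", "/var/www/example/conf/.htpasswd")

if __name__ == "__main__":
    for name in ("NO_RULE", "WITH_RULE", "OUTSIDE_ROOT", "SUBDIR"):
        print(name, exposed_password_files(globals()[name]))
```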