This is so weird - I am trying to password protect a folder in nginx, and it's sorta working... here is my config block:
location /private/ {
auth_basic "Restricted";
auth_basic_user_file /usr/share/nginx/htpasswd;
index index.php;
}
...and when I visit http://example.com/private, I am prompted for an .htaccess password (good), but BEHIND that prompt I see the browser partially loading the page (some broken HTML and images)-- obviously very bad. It seems like the images subfolder is being allowed through, even before the user enters a user/pass.
How can I prevent the /private dir (and EVERYTHING under it) from being served before the user gives the correct user/pass?
