I want /beta to be available only after login. I do it like this, but the url still opens without authorization. If you use try_files, then authorization works, but after it 404 is returned and the page is not opened

server {
  server_name example.com;

  root /var/www/site;
  index index.php;

  set $closedSite "off";

  location / {

    if ($uri ~ '/beta) {
      set $closedSite "Restricted Content";
    }

    auth_basic $closedSite;
    auth_basic_user_file /etc/nginx/.htpasswd;

    if (!-e $request_filename) {
      rewrite ^(.*)$ /index.php?$1;
    }
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
  }

  location ~ /\.ht {
    deny all;
  }
}

CodePudding user response：

Alternatively, place anything that requires authentication into a separate location, for example:

server {
    server_name example.com;

    root /var/www/site;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php;    

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        }
    }
    location /beta {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

        try_files $uri $uri/ /index.php;    

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        }
    }

    location ~ /\.ht {
        deny all;
    }
}

Notice that there are now two location ~ \.php$ blocks, both nested locations, one for authenticated access and one not.