Nginx

NGINX auth_basic: exclude GET requests to a specific PHP script

  • July 9, 2021

I can't seem to figure out how to exclude a specific location from auth_basic.

server {
       server_name example.com;

       root /var/www/html;

       index index.php;

       auth_basic "Nein nein nein";
       auth_basic_user_file .htpasswd;

       location / {
               try_files $uri $uri/ =404;
       }

       location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
       }

       # this script needs free access and takes query string parameters
       location /sub/script.php {
               auth_basic off;
       }

       # this works fine
       location /sub/a-javascript.js {
               auth_basic off;
       }
...

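The location /sub/script.php needs free access. It would also be nice if it could allow only GET requests. My problem seems to be the query parameters after it.

The script is always requested with many query parameters: script.php?param=something&other_param=somethingelse&etc=etc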

Your current configuration is matching requests for /sub/script\.php$ against the following location block:

       location ~ \.php$ {
           include snippets/fastcgi-php.conf;
           fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
       }

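The following configuration places the /sub/script\.php$ location above the \.php$ location, because nginx stops evaluating at the first matching regular-expression location: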

server {
       server_name example.com;

       root /var/www/html;

       index index.php;

       auth_basic "Nein nein nein";
       auth_basic_user_file .htpasswd;

       location / {
               try_files $uri $uri/ =404;
       }

       location ~ /sub/script\.php$ {
               auth_basic off;
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
               limit_except GET { deny all; } # Also allows HEAD
       }

       location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
       }

       # this works fine
       location /sub/a-javascript.js {
               auth_basic off;
       }
...

Quoted from: https://serverfault.com/questions/1069033