joshtrichards · March 8, 2023 00:43 · Mar 8, 2023
diff --git a/nginx-php-auth-testing.md b/nginx-php-auth-testing.md
@@ -0,0 +1,76 @@
+My latest test config is below, but I also worked with many variations. My htpasswd-foo-foo has one entry: `foo` with pw `foo`. My php-auth.php script also accepts `bar` / `bar`. 
+
+Included below if you want to steal to test in your own environment against your browser/extension installation. If you see your reported issue against this I suspect that'll be telling that it is something unique to your browser setup interacting with BW.
+
+```
+http {
+
+        server {
+                listen 8080;
+
+                location /api/ {
+                        satisfy any;
+                        auth_basic "Restricted access";
+                        auth_basic_user_file /etc/nginx/htpasswd-foo-foo;
+                        auth_request /auth-service;
+                        proxy_pass http://localhost:8082/success;
+                }
+
+                location = /auth-service {
+                        internal;
+                        include fastcgi_params;
+                        fastcgi_pass unix:/run/php-fpm.sock;
+                        fastcgi_param SCRIPT_FILENAME /var/www/html/php-auth.php;
+                        fastcgi_index index.php;
+                }
+        }
+
+        server {
+                listen 8082;
+
+                location = /success {
+                        include fastcgi_params;
+                        fastcgi_pass unix:/run/php-fpm.sock;
+                        fastcgi_param SCRIPT_FILENAME /var/www/html/success.php;
+                        fastcgi_index index.php;
+                }
+
+        }
+}
+```
+
+htaccess-foo-foo:
+
+```
+foo:$apr1$13wds6o0$/DbF6uCKY3.k96rlfKt5M/
+```
+
+php-auth.php
+
+```
+<?php
+
+if ((!$_SERVER['PHP_AUTH_USER']) && (!$_SERVER['PHP_AUTH_PW'])) { // Not logged in using basic authentication
+        authenticate(); // Send basic authentication headers
+}
+
+
+if (!(($_SERVER['PHP_AUTH_USER'] == "bar") && ($_SERVER['PHP_AUTH_PW'] == "bar"))) { // Check username and password
+        authenticate(); // Send basic authentication headers because username and/or password didn't match
+}
+
+#if (!(($_SERVER['PHP_AUTH_USER'] == "foo") && ($_SERVER['PHP_AUTH_PW'] == "foo"))) { // Check username and password
+#        authenticate(); // Send basic authentication headers because username and/or password didn't match
+#}
+
+#phpinfo();
+
+// Call authentication display
+function authenticate() {
+        header("WWW-Authenticate: Basic realm=Website");
+        header("HTTP/1.0 401 Unauthorized");
+        exit;
+}
+
+?>
+```