Restrict Path Access for deployed apps


The “Restrict Path Access” doesn’t work for sites which are deployed. I guess because of the path which is made with symbolic links (current, latest…).

I have a view old apps with a directory called “admin” and they don’t have an authentication feature. The previous server was Apache based and the .htpasswd / .htaccess authentication worked for many years.

I also tried the .htpasswd restriction with Nginx:

location /admin/ {
    auth_basic           "Administrator’s Area";
    auth_basic_user_file /home/username/.htpasswd; 

But this works only for the URL and not for all the files inside that directory.

It appears the feature is broken, at least for my WordPress tests. We’ll look into it further and work on a fix.

I use this feature often voor locking the whole WordPress site and that works. The problem I have (for a longer time) is for PHP deployments.