We have a server we don't want Google to index or anyone else to get access to unless they have a password.
How can I directory lock the entire server except for very specific routes used by external scanning services?
For instance, example.com/test should output a response from the framework without blocking but any other URL should ask for a password to get any content response.
I know how to do this with Apache using .htpasswd, but I need to be able to do it on nginx while whitelisting a specific route.
This will enable /test/ to respond without needing any authentication and every other request will need authentication.
server {
auth_basic "Administrator Login";
auth_basic_user_file /var/www/static/.htpasswd;
location /test/ {
auth_basic off;
}
}