Passing / denying PHP requests

Paul N. Pace paulnpace at
Wed Oct 23 14:30:19 UTC 2013


I am trying to allow only the PHP files required for a given PHP
package to function correctly, then deny access to all other PHP files
to prevent people from snooping on the site's configuration. I have
created the location block, but I'm not so good with regular
expressions and the block is assembled mostly through copy & paste.

location /installdirectory/ {
    # from nginx pitfalls page
    location ~*
        include global-configs/php.conf;
    location ~* installdirectory/.*\.php$ {
        deny all;

If someone can let me know if I am at least on the right track, I
would appreciate it.



More information about the nginx mailing list