How to use Nginx to restrict access to everyfiles to, except the php files in /

carlg nginx-forum at
Wed Nov 12 10:26:27 UTC 2014


I want to configure our nginx to be a little more paranoid concerning file

Right now, i am using rules like :

location /includes {
deny all;

... but i need to repeat this kind of rules for every folders, and then
restrict access to the php files inside. So our rules file is too long,
complicated and getting very messy.  Also, this doesn't protect the php
files, only the folders. so i need to add more and more rules, always.

The php files a visitor require to be able to reach directly are in / (like
index.php, login.php, etc..)

I would like to restrict every other files to, and then add some
rules to allow all traffic only where required.

But i cannot figure out how i can achieve this with nginx.  I'm pretty sure
there is a single rule that can do this. :D

Any help will be very appreciated, and may help may others i am sure to be
more secure

Thank you,


Posted at Nginx Forum:,254785,254785#msg-254785

More information about the nginx mailing list