How to use Nginx to restrict access to everyfiles to, except the php files in /

Maxim Dounin mdounin at
Thu Nov 13 12:46:42 UTC 2014


On Thu, Nov 13, 2014 at 03:33:03AM -0500, carlg wrote:

> Hi,
> It works, but i am still able to access the php files inside the restricted
> directories.  I tried with :
> location /myfolder/(.+)\.php$ {
> deny all;
> }
> But this doesn't work!

If you followed what I suggested, you should not be able to access 
anything _unless_ it's explicitly allowed.  I suspect you've added 
something like "location ~ \.php$ { allow all; ...}" - and this is 
what causes your problems.  Remove it, and start again with 
exact match locations, as previously suggested.

> Also, i cannot make this method work nice with our clean url's.  We are
> using : 

By introducing various rewriting in nginx configuration you make 
your life harder.  That's your deliberate choice.  Igor recently 
gave a talk about this, see here:

Maxim Dounin

More information about the nginx mailing list