nginx rules to deny php/perl execution
António P. P. Almeida
appa at perusio.net
Sat Nov 20 22:38:22 MSK 2010
On 20 Nov 2010 19h31 WET, nginx-forum at nginx.us wrote:
Olá Nuno,
> Olá António,
>
> that's exactly what I need, since these directories have write
> permissions, but which rules should I have?
>
> placing something like this will work, but the user can see/read the
> php content and I don't want that
>
> [code]
> location ~ ^/(cache|static|etc)/ {
> root /var/www;
> }
> [/code]
>
> How do I deny execution/read access to those files
> (php|pl!php3|php4|php5)
Try this:
location ~* ^/(?:cache|static|etc)/.*\.(?:pl|php[345]*)$ {
return 404; # or 403
}
This directive should precede those that are "legal" in that location
(static, cache, etc).
--- appa
More information about the nginx
mailing list