nginx rules to deny php/perl execution

António P. P. Almeida appa at perusio.net
Sat Nov 20 22:38:22 MSK 2010


On 20 Nov 2010 19h31 WET, nginx-forum at nginx.us wrote:

Olá Nuno,

> Olá António,
>
> that's exactly what I need, since these directories have write
> permissions, but which rules should I have?
>
> placing something like this will work, but the user can see/read the
> php content and I don't want that
>
> [code]
> location ~ ^/(cache|static|etc)/  {
> root /var/www;
> }
> [/code]
>
> How do I deny execution/read access to those files
> (php|pl!php3|php4|php5)

Try this:

location ~* ^/(?:cache|static|etc)/.*\.(?:pl|php[345]*)$ {
  return 404; # or 403
}

This directive should precede those that are "legal" in that location
(static, cache, etc).

--- appa
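
Added example, not part of the original message: a small Python model of how nginx chooses among regex locations (tested in configuration order, first match wins), showing why the deny block has to precede the directory block. It models regex locations only (no prefix locations); the sample paths and action strings are constructed.

```python
import re

# Regex locations as (modifier, pattern, action), taken from the thread.
# "~*" is case-insensitive, "~" is case-sensitive. Action strings are labels
# made up for this example.
DENY = ("~*", r"^/(?:cache|static|etc)/.*\.(?:pl|php[345]*)$", "return 404")
SERVE = ("~", r"^/(cache|static|etc)/", "serve from /var/www")


def pick_location(uri, locations):
    """Return the action of the first regex location that matches uri.

    Simplified model: nginx checks regex locations in the order they appear
    in the configuration and stops at the first match. The URI is assumed to
    be the normalized request path without the query string.
    """
    for modifier, pattern, action in locations:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):
            return action
    return None  # no regex location matched


# Constructed sample request paths.
SAMPLES = [
    "/cache/page.php",         # script in a writable directory
    "/cache/old.php5",         # versioned PHP extension
    "/etc/tool.PL",            # upper-case extension, caught by ~*
    "/static/img/logo.png",    # ordinary static file
    "/static/readme.php.txt",  # ".php" is not the final extension
    "/uploads/x.php",          # outside the three directories
]


def report(locations):
    """Map every sample path to the action chosen for it."""
    return {uri: pick_location(uri, locations) for uri in SAMPLES}


if __name__ == "__main__":
    for label, order in (("deny first", [DENY, SERVE]),
                         ("deny last", [SERVE, DENY])):
        print(label)
        for uri, action in report(order).items():
            print(f"  {uri:26} -> {action}")
```

With the deny block listed last, every path under the three directories is taken by the directory block first, so the 404 rule never applies.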



