Deny rules not working - raw php files being served!
edbloom
nginx-forum at nginx.us
Sun Mar 10 09:36:08 UTC 2013
Hi all,
I'm using a pretty simple WordPress nginx config that is documented on the
WordPress codex.
http://codex.wordpress.org/Nginx
All works fine except for 1 critical aspect.
The config uses a restrictions.conf which has some fairly simple rules for
blocking unauthorized access to specific files and file patterns like the
following:
# Deny all attempts to access hidden files such as .htaccess, .htpasswd,
.DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities
such as fail2ban)
location ~ /\. {
deny all;
}
What I've found is rather than actually denying requests, raw php files are
being served up via nginx - which is very odd.
Any ideas why this would be happening?
Ed
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237177,237177#msg-237177
More information about the nginx
mailing list