Passing / denying PHP requests
Paul N. Pace
paulnpace at gmail.com
Wed Oct 23 14:30:19 UTC 2013
Hello-
I am trying to allow only the PHP files required for a given PHP
package to function correctly, then deny access to all other PHP files
to prevent people from snooping on the site's configuration. I have
created the location block, but I'm not so good with regular
expressions and the block is assembled mostly through copy & paste.
location /installdirectory/ {
# from nginx pitfalls page
location ~*
(installdirectory/file_a|installdirectory/file_b|installdirectory/file_c)\.php$
{
include global-configs/php.conf;
}
location ~* installdirectory/.*\.php$ {
deny all;
}
}
If someone can let me know if I am at least on the right track, I
would appreciate it.
Thanks!
Paul
More information about the nginx
mailing list