How to use Nginx to restrict access to everyfiles to 127.0.0.1, except the php files in /

carlg nginx-forum at nginx.us
Wed Nov 12 10:26:27 UTC 2014


HI,

I want to configure our nginx to be a little more paranoid concerning file
access.

Right now, i am using rules like :

location /includes {
allow 127.0.0.1;
deny all;
}

... but i need to repeat this kind of rules for every folders, and then
restrict access to the php files inside. So our rules file is too long,
complicated and getting very messy.  Also, this doesn't protect the php
files, only the folders. so i need to add more and more rules, always.

The php files a visitor require to be able to reach directly are in / (like
index.php, login.php, etc..)

I would like to restrict every other files to 127.0.0.1, and then add some
rules to allow all traffic only where required.

But i cannot figure out how i can achieve this with nginx.  I'm pretty sure
there is a single rule that can do this. :D

Any help will be very appreciated, and may help may others i am sure to be
more secure

Thank you,

Carl

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254785,254785#msg-254785



More information about the nginx mailing list