How to use Nginx to restrict access to everyfiles to 127.0.0.1, except the php files in /
carlg
nginx-forum at nginx.us
Thu Jan 8 22:49:26 UTC 2015
Here is what i found to achieve this :
i denied access to every php files :
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
allow 127.0.0.1;
deny all;
}
and then i create one rule per page (takes time with some scripts, but it
worth it :)
location ~* ^/myfile.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $uri $uri/ /index.php?q=$args;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
include /etc/nginx/naxsi.rules;
allow all;
}
Every tutorials i found on nginx tell us to allow / deny in location /.
...but ^(.+\.php) is another location, not included in location /
If i follow most tutorials i am still able to reach the php files inside the
location / even if i denied access to all of them. Doing this way works
great :)
I hope this will help someone ... ...someday :)
Cheers :)
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254785,256007#msg-256007
More information about the nginx
mailing list