How to use Nginx to restrict access to every file to 127.0.0.1, except the php files in /

carlg nginx-forum at nginx.us
Thu Jan 8 22:49:26 UTC 2015


Here is what I found to achieve this:

I denied access to every PHP file:

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        allow 127.0.0.1;
        deny all;
    }


and then I create one rule per page (takes time with some scripts, but it
is worth it :)

    # List this block before the generic \.php$ location: nginx uses the
    # first regex location that matches, in file order.
    location ~* ^/myfile\.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $uri $uri/ /index.php?q=$args;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        include /etc/nginx/naxsi.rules;
        allow all;
    }

Every tutorial I found on nginx tells us to allow / deny in location /.
...but ^(.+\.php) is another location, not included in location /

If I follow most tutorials I am still able to reach the php files inside the
location / even if I denied access to all of them. Doing it this way works
great :)

I hope this will help someone ... ...someday  :)
Cheers :)

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254785,256007#msg-256007
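
An added example, not part of the original post: a simplified Python model of how nginx selects one location per request and applies only that location's allow/deny rules. It shows why rules in `location /` do not cover `\.php$`, and why the per-page block has to precede the catch-all. The model ignores nested and named locations and server-level inheritance; the rule sets and the client address 203.0.113.7 are constructed.

```python
"""Simplified model of nginx location selection and allow/deny evaluation."""
import ipaddress
import re

def select_location(locations, uri):
    """locations: (modifier, pattern, rules) tuples in config-file order."""
    best_prefix = None
    for loc in locations:
        mod, pat, _ = loc
        if mod == "=" and uri == pat:
            return loc                    # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = loc         # remember the longest prefix
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix                # ^~ suppresses the regex pass
    for loc in locations:                 # regexes: first match in file order
        mod, pat, _ = loc
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return loc
    return best_prefix

def allowed(locations, uri, client_ip):
    """Only the selected location's rules apply; the first matching rule wins."""
    loc = select_location(locations, uri)
    ip = ipaddress.ip_address(client_ip)
    for action, net in (loc[2] if loc else []):
        if net == "all" or ip in ipaddress.ip_network(net):
            return action == "allow"
    return True                           # no rule matched: request not blocked

# Constructed rule sets for the comparison.
LOCAL_ONLY = [("allow", "127.0.0.1"), ("deny", "all")]
ALLOW_ALL = [("allow", "all")]

# Tutorial-style layout: access rules only in "location /".
TUTORIAL = [("", "/", LOCAL_ONLY), ("~", r"\.php$", [])]
# Layout from the post, with the per-page exception listed first.
POST = [("", "/", LOCAL_ONLY),
        ("~*", r"^/myfile\.php$", ALLOW_ALL),
        ("~", r"\.php$", LOCAL_ONLY)]
# Same blocks with the catch-all first: the exception is never selected.
POST_REORDERED = [POST[0], POST[2], POST[1]]

if __name__ == "__main__":
    for name, cfg in (("tutorial", TUTORIAL), ("post", POST),
                      ("reordered", POST_REORDERED)):
        for uri in ("/index.html", "/myfile.php", "/other.php"):
            print(name, uri, allowed(cfg, uri, "203.0.113.7"))
```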


