Kayne

Reputation: 47

Nginx location with deny doesn't work

I've got some problems with my nginx configuration. I want to deny access to some folders and files, but nothing I tried worked. Currently I'm using the configuration pasted below:

server {

    listen 80;
    server_name .hostname;

    keepalive_timeout 60;

    root path/htdocs;

    access_log path/logs/access.log;
    error_log path/logs/error.log;

    index index.php index.htm index.html;

    location ~ \.php$ {
        try_files $uri =404;
        proxy_set_header Accept-Encoding "";
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  php5-fpm-sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME path/htdocs$fastcgi_script_name;
    }

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # Common deny or drop locations
    location ~* wp-config.php { deny all; }
    location ~* wp-admin/includes { deny all; }
    location ~* wp-includes/.*\.php$ { deny all; }
    location ~ /\. { access_log off; log_not_found off; deny all; }
    location ~ ~$ { access_log off; log_not_found off; deny all; }

     # Prevent scripts from running in /uploads
     location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
        types { }
        default_type text/plain;
     }
}

But even when I delete the location "/" and "php" ones (I was thinking that the php one is more specific and runs before the rest of the sections), the problem is still there. Even something like this:

# some code

# Common deny or drop locations
location ~* wp-config.php { deny all; }
location ~* wp-admin/includes { deny all; }
location ~* wp-includes/.*\.php$ { deny all; }
location ~ /\. { access_log off; log_not_found off; deny all; }
location ~ ~$ { access_log off; log_not_found off; deny all; }

 # Prevent scripts from running in /uploads
 location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
    types { }
    default_type text/plain;
 }

# some code

didn't help. I can still get access to these files and folders through my browser.

Upvotes: 0

Views: 2376

Answers (1)

Alexey Ten

Reputation: 14354

Regexp locations are checked in order of appearance until the first match. So, in your case it's location ~ \.php$ that matches anything with a php suffix, and nginx chooses it before anything else. Put that block at the end.

Upvotes: 2
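
The ordering rule from the answer, as an added example that is not part of the original question or answer: a simplified Python model of nginx location selection, run over the question's location blocks in their original order and with the `\.php$` block moved last. The action labels and sample request paths are constructed, and Python's `re` stands in for nginx's PCRE matching.

```python
import re

# Locations from the question's server block, in file order: (modifier, pattern,
# action). "~" = case-sensitive regex, "~*" = case-insensitive regex, "" = prefix.
QUESTION_ORDER = [
    ("~", r"\.php$", "fastcgi"),
    ("", "/", "try_files"),
    ("~*", r"wp-config.php", "deny"),
    ("~*", r"wp-admin/includes", "deny"),
    ("~*", r"wp-includes/.*\.php$", "deny"),
    ("~", r"/\.", "deny"),
    ("~", r"~$", "deny"),
    ("~*", r"^/wp-content/uploads/.*.(html|htm|shtml|php)$", "text/plain"),
]
# The answer's fix: same blocks, with the \.php$ regex moved to the end.
FIXED_ORDER = QUESTION_ORDER[1:] + QUESTION_ORDER[:1]


def select_location(locations, uri):
    """Return (pattern, action) for uri. Simplified model of nginx location
    selection: prefix and regex only, no "=" or "^~" (unused in this config)."""
    for modifier, pattern, action in locations:
        if modifier in ("~", "~*"):
            flags = re.IGNORECASE if modifier == "~*" else 0
            if re.search(pattern, uri, flags):
                return pattern, action  # first regex match in file order wins
    # No regex matched: fall back to the longest matching prefix location.
    prefixes = [(p, a) for m, p, a in locations if m == "" and uri.startswith(p)]
    return max(prefixes, key=lambda pa: len(pa[0]), default=(None, "server-level"))


def audit(locations, uris):
    """Map each request path to the action of the location that handles it."""
    return {uri: select_location(locations, uri)[1] for uri in uris}


# Constructed sample request paths (not taken from the page).
SAMPLE_URIS = [
    "/wp-config.php",
    "/wp-includes/load.php",
    "/wp-content/uploads/upload.php",
    "/.htaccess",
    "/index.php",
    "/about/",
]

if __name__ == "__main__":
    for name, order in (("question", QUESTION_ORDER), ("fixed", FIXED_ORDER)):
        print(name, audit(order, SAMPLE_URIS))
```

In the question's order every `.php` path is handed to FastCGI before a deny rule is consulted; with the block moved last, only paths that no deny rule matches reach it.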
