Reputation: 1315
NGinx Denying all access to folders but PHP scripts are not being affected by rule
I'm trying to set security directives in my server configuration file for NGinx. I've got the following directive:
location /config {
deny all;
return 404;
}
All the files in that directory are being restricted but PHP files are not being affected by that directive and my intention is to deny everything. I'm assuming that other directive in my config file is overriding this one but I'm quite novice in NGinx.
This is the full config code for the server:
server{
listen 80;
server_name mydomain.com;
root myrootpath;
index index.php index.html index.htm;
include security-directives;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
security-directives file contains the directive detailed in the first code block.
Upvotes: 1
Views: 152
Answers (1)
Reputation: 49742
The regular expression location block takes precedence over your prefix location block, so .php files are not included in the rule.
Use the ^~ modifier to make your prefix location take precedence over regular expression location blocks.
For example:
location ^~ /config {
return 403;
}
See this document for details.
Upvotes: 3
Related Questions
- access denied on nginx and php
- Nginx 403 forbidden for all files
- Nginx: Deny access of a directory and files inside it
- NGINX deny directory access except one php file
- Nginx Denied All files/nested files and forward all request to index.php
- Why am I getting 403 Forbidden status codes for static files served via nginx / php-fpm?
- NGINX not protecting directory
- Nginx - restricting access to folders, still able to be downloaded
- Nginx: example.com works; example.com/folder gets 403 Forbidden
- NGINX: Returning 403 on .php files