CODEWITHSUNDEEP
nginx
Arthur Yakovlev
Arthur Yakovlev

Reputation: 9309

Allowing access to a specific file in location block nginx config

In my nginx config I have been block all access from my IP however allowed to do that with my localhost. I would like to allow global access to one file of mine xn.php I try to do that with location ^~ /xn.php and it's not working. As well I tried location /xn.php and still fail. How should I do that? I checked a lot documentation however I stuck on it

server {
        listen   127.0.0.1:80;
        root /var/www/html/;
        index /index.php;
        server_name localhost;

        location / {
                deny 77.777.77.0/24;
                allow 127.0.0.1;
                autoindex on;
                index index.php;
                try_files $uri /index.html /index.php;
                deny all;
        }
        location ^~ /xn.php {
                allow all;
        }
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ /\.ht {
                deny all;
        }
}

Upvotes: 0

Views: 3966

Answers (2)

Ivan Shatsky
Ivan Shatsky

Reputation: 15527

With your current configuration xn.php content would be send as HTTP response rather than being interpreted with PHP-FPM. Additionally, any request for PHP file won't be blocked with your deny rule since it won't match the location / { ... } block. You can try this:

server {
        listen 80;
        root /var/www/html/;
        index /index.php;
        location / {
                allow 127.0.0.1;
                deny all;
                autoindex on;
                index index.php;
                try_files $uri /index.html /index.php;
        }
        location = /xn.php {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ \.php$ {
                allow 127.0.0.1;
                deny all;
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ /\.ht {
                deny all;
        }
}

Update

Since you are listening only on 127.0.0.1 interface this server block won't be reachable from any other host at all. Right configuration for you depends on other server blocks you have in your nginx config.

Upvotes: 2

ExploitFate
ExploitFate

Reputation: 605

Update your nginx location config a bit

        location /xn.php {
                allow all;
                autoindex on;
                index index.php;
                try_files $uri $uri/ /index.php?$args;
        }

Upvotes: 1

Related Questions