
Nginx: Deny access of a directory and files inside it

Tags: php, nginx

I have a directory /admin and I want to block access to the directory and the files inside it whenever anyone accesses it via a public IP. Here is my setting:

location /admin/ {
   allow 192.168.0.0/24;
   deny all;
}

This works fine when accessing the directory; however, if someone specifically accesses a file inside the directory (for example, url = "../admin/adminer.php"), it doesn't deny access to the file. I also tried other settings such as:

location ~ /admin/.*$ {
       allow 192.168.0.0/24;
       deny all;
}

This seems to work in denying all access from a public IP; however, the PHP code no longer works when accessed via an internal IP: the PHP code is simply echoed out as plaintext.

The rest of my location directives are provided here in case they somehow affect the behaviour:

location / {
   try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
  include snippets/fastcgi-php.conf;
  fastcgi_pass unix:/var/run/php5-fpm.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;

  fastcgi_cache_bypass $skip_cache;
  fastcgi_no_cache $skip_cache;
  fastcgi_cache WORDPRESS;
  fastcgi_cache_valid 60m;
}

Hope someone can help me to solve this.

hcheung asked Dec 05 '16 01:12




1 Answer

server {
    location ^~ /vendor/ {
        deny all;
        return 403;
    }
    ...
}
Artem answered Sep 19 '22 06:09
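The answer's `^~` modifier applied to the question's /admin/ directory and LAN allow-list, as an added example (not part of the original answer or the asker's configuration). The `listen`, `server_name` and `root` values are placeholders, and the fastcgi_cache directives from the question are left out for brevity.

```nginx
server {
    listen 80;                      # placeholder
    server_name example.test;       # placeholder
    root /var/www/html;             # placeholder
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # How nginx picks a location: it finds the longest matching prefix first.
    # With a plain prefix ("location /admin/") it then still tries the regex
    # locations, so "~ \.php$" wins for /admin/adminer.php and the allow/deny
    # rules are never evaluated. With "^~" the regex locations are skipped
    # whenever this prefix is the longest match.
    location ^~ /admin/ {
        allow 192.168.0.0/24;
        deny all;

        # Because the outer "~ \.php$" block no longer applies here, PHP needs
        # its own handler inside /admin/. Without it nginx serves the .php
        # source as a static file (the "plaintext" symptom in the question).
        # The allow/deny rules above are inherited by this nested location.
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
        }
    }

    # Handler for PHP everywhere outside /admin/.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
```

Run `nginx -t` before reloading, then request both /admin/ and /admin/adminer.php from an address outside 192.168.0.0/24 and from one inside it to confirm the rule covers files as well as the directory.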