: Block access to php files in folder in nginx under ispconfig I am using nginx / ispconfig and want to block access to any php file under a directory using server directives. My directive looks

@Barnes591

For once this is working:

location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}


Notice the = It has precedence to the wildcard match.

If you have more files to match then you need to work more and use @user269173 advice.

Vote Up Vote Down

@Shelley277

I had the same problem, as you stated the default vhost directive is put before so the resulting config is like this:

location ~ .php$ {
try_files /2e602f1b7f73a97412af065eb54a58c4.htm @php ;
}

location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9040;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
...
location ~* ^/wp-content/.*.(php|phps)$ {
deny all;
}


Since the default directive is a regular expression that matches every .php file request, it matches and stops location evaluation, so your custom directive won't never be reached.

The only way I found is to override the default configuration, if you have complete access to server you can do it just by copying /usr/local/ispconfig/server/conf/nginx_vhost.conf.master to /usr/local/ispconfig/server/conf-custom/nginx_vhost.conf.master and putting the section

<tmpl_loop name="nginx_directives">
<tmpl_var name='nginx_directive'>
</tmpl_loop>


before

<tmpl_if name='php' op='==' value='php-fpm'>


This will be applied to any vhost configured on the server, so you should check carefully if this doesn't have side-effects.

Vote Up Vote Down