Nginx - 限制对文件夹的访问,仍然可以下载

时间:2015-07-07 02:35:02

标签: php nginx

我最近选择从Apache迁移到Nginx--因为它更符合我们的需求。 我试图阻止人们查看/下载某些文件。

location ~ /mysql {
          deny all;
}

我已经使用了它,它运行正常 - 我们的.php文件现在显示403禁止访问。但是如果找到我们的数据库config.ini文件,它只需下载该文件。这个命令不应该足以阻止这种情况发生吗?

感谢。

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /var/www/html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    # Only for nginx-naxsi used with nginx-naxsi-ui : process denied reques$
    #location /RequestDenied {
    #       proxy_pass http://127.0.0.1:8080;
    #}

    #error_page 404 /404.html;
error_page 404 403 /404.php;
 # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #       root /usr/share/nginx/html;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location /mysql/ {
     deny all;
     }
location =  / {
     rewrite ^ /index.php;
     }
location / {
     rewrite ^(.*)$ /$1.php;
     try_files $uri $uri/ /index.html;
     }
location ~ .(css|img|js)/(.+)$ {
    try_files $uri $uri/ /$1/$2;
    }
location ~ \.php$ {
    try_files  $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
     }
location /doc/ {
    alias /usr/share/doc/;
    autoindex on;
    allow 127.0.0.1;
    deny all;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #       deny all;
    #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

1 个答案:

答案 0 :(得分:1)

试试这个:

location /mysql/ {
    deny all;
}
相关问题
最新问题