Question

我有一个非常典型的php5-fpm设置如下：

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass  unix:/home/gfd-dev/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
}

我只是想通过ip地址阻止1个文件，但是php不能运行

location ^~ /script_to_hide.php {
  allow 100.100.100.100; 
  deny all;
}

我是否将整个php $ params放在两者中，还是有另一种方法可以告诉php运行？

Answer 1

nginx.conf

location ~ \.php$ {
    include fastcgi_params;
}

location ^~ /secret_functions/ {
    allow 100.100.100.100; 
    deny all;
    include fastcgi_params;
}

fastcgi_params

    ...
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass  unix:/home/gfd-dev/var/run/php5-fpm.sock;
    fastcgi_index index.php;

P.S。

Nginx根据the following logic迭代每个位置：

location = / {
    [ configuration A ]
}

location / {
    [ configuration B ]
}

location /documents/ {
    [ configuration C ]
}

location ^~ /images/ {
    [ configuration D ]
}

location ~* \.(gif|jpg|jpeg)$ {
    [ configuration E ]
}

IP使用nginx将单个php文件列入白名单，但仍然运行php

1 个答案: