location = /index.php {
allow MY-IP-HERE;
deny all;
}
使用这种配置,因为我不希望其他人看到我正在维护的工作,每当我去index.php时它会下载文件而不是让我看到它。
但是,如果我禁用它,我可以很好地查看它。
我在这里错过了什么吗?
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in
# php.ini
# With php5-cgi alone: fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
答案 0 :(得分:2)
这里的问题是,您可能稍后在.conf文件中将.php请求传递给PHP CGI处理程序。这是一个例子:
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
在此之前添加位置时,它会跳过将其移交给FastCGI的位置,因此它会将您的PHP文件视为静态内容。
如果你想让你的IP地址限制适用于所有的php文件,那么你可以在那个位置匹配内移动你的允许/拒绝(并摆脱另一个,因为它现在是空的),如下所示:
location ~ \.php$ {
allow MY-IP-HERE;
deny all;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in
# php.ini
# With php5-cgi alone: fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
如果您只想 index.php,那么您可以将匹配位置嵌套:
location ~ \.php$ {
location ~ index\.php$ {
allow MY-IP-HERE;
deny all;
}
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in
# php.ini
# With php5-cgi alone: fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
我相信这将允许继续传递给CGI。如果没有,那么您可能只需复制index.php的FastCGI部分。