allow localhost; deny all; for everything except "index.php" and "/"

Time: 2017-08-23 10:09:38

Tags: nginx config

I am trying to restrict direct access to the .php files on my web server.

I have used allow localhost; deny all;. However, this also restricts access to index.php.

How can I overcome this? Is there something like IF conditions?

My configuration:

if ($request_uri ~* "^(/)index\.php$") {
    return 301 $1;
}

location / {
    try_files $uri $uri/ /index.php?$args;

    rewrite ^/(\w+)$       /?system=$1       break;
    rewrite ^/(\w+)/(\w+)(/.)*$ /?system=$1&id=$2 break;
    rewrite ^/(.*)/$ /$1 permanent; 

location ~ \.php$ {
       try_files  $uri =404;

       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       #fastcgi_pass 127.0.0.1:9000;
       fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;

       fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";
    }

}

2 answers:

Answer 0: (score: 1)

What is usually done is to add a RewriteRule to the .htaccess file. That way all traffic can be redirected to index.php as needed.

This solution even lets you append the requested URL as a URL parameter, so it can be accessed in index.php as a $_GET variable.

Since .htaccess is an Apache-only solution, it cannot be applied one-to-one here. This blog post on the NGINX website explains how it is done on NGINX: https://www.nginx.com/blog/creating-nginx-rewrite-rules/

Answer 1: (score: 0)

Instead of matching all PHP files, match index.php and deny all other files, like this:

location = /index.php {
  try_files  $uri =404;

  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  #fastcgi_pass 127.0.0.1:9000;
  fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
  fastcgi_index index.php;
  include fastcgi_params;

  fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";      
}

location ~ \.php$ {
  return 301 $scheme://$http_host/index.php;
}

If you want to allow the server to post to itself, add the following for the URI:

location = /post.php {
  allow 127.0.0.0/24;
  deny all;

  try_files  $uri =404;

  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  #fastcgi_pass 127.0.0.1:9000;
  fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
  fastcgi_index index.php;
  include fastcgi_params;

  fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";      
}

Edit: alternative configuration

server {
  listen 80;

  location = /index.php {
    try_files  $uri =404;

    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;

    fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";      
  }

  location ~ \.php$ {
    return 301 $scheme://$http_host/index.php;
  }
}

server {
  listen 127.0.0.1:81;

  location / {
    try_files $uri $uri/ /index.php?$args; 
  }

  location ~ \.php$ {
    try_files  $uri =404;

    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;

    fastcgi_param PHP_VALUE "auto_prepend_file=/usr/share/nginx/html/web/config.php";      
  }
}

Local requests then need to be directed to port 81, i.e.:

curl http://localhost:81/myscript.php
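
Why the layout in answer 1 lets index.php through while every other .php request is redirected, as an added example that is not part of the original answers: a small Python model of nginx location selection (exact match, then longest prefix, then first matching regex) combined with the allow/deny check. The location table is a constructed mirror of the answer's `location = /index.php`, `location = /post.php` and `location ~ \.php$` blocks plus the question's `location /`; the function names and sample client addresses are assumptions, and the model skips nginx's URI normalization.

```python
import ipaddress
import re

# Constructed mirror of the answer's locations plus the question's "location /":
# (modifier, pattern, allowed networks or None for "no allow/deny", action)
LOCATIONS = [
    ("=", "/index.php", None, "fastcgi"),
    ("=", "/post.php", ["127.0.0.0/24"], "fastcgi"),
    ("~", r"\.php$", None, "redirect:/index.php"),
    ("", "/", None, "try_files"),
]

def select_location(uri):
    """Exact match wins; else remember the longest prefix (final if ^~);
    else the first matching regex in file order; else that longest prefix."""
    path = uri.split("?", 1)[0]  # the query string is not part of the match
    best = None
    for loc in LOCATIONS:
        mod, pat = loc[0], loc[1]
        if mod == "=" and path == pat:
            return loc
        if mod in ("", "^~") and path.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = loc
    if best is not None and best[0] == "^~":
        return best
    for loc in LOCATIONS:
        flags = re.I if loc[0] == "~*" else 0
        if loc[0] in ("~", "~*") and re.search(loc[1], path, flags):
            return loc
    return best

def handle(uri, client_ip):
    """Return the action taken for a request, or 403 when allow/deny rejects it."""
    loc = select_location(uri)
    if loc is None:
        return "no-location"  # nginx would fall back to server-level handling
    if loc[2] is not None:
        ip = ipaddress.ip_address(client_ip)
        if not any(ip in ipaddress.ip_network(net) for net in loc[2]):
            return "403"
    return loc[3]

if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.7 stands for any remote client.
    for uri, ip in [("/index.php", "203.0.113.7"), ("/lib/db.php", "203.0.113.7"),
                    ("/post.php", "203.0.113.7"), ("/post.php", "127.0.0.1")]:
        print(f"{ip:>12} {uri:<14} -> {handle(uri, ip)}")
```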