New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Deny access to all PHP files in a folder
Using nginx
and php-fpm
. I want to deny access to everyone on PHP files in uploads
folder of WordPress.Have written following in config but I can access the file in browser using somesite.com/wp-content/uploads/myfile.php
. This file contain just one line phpinfo()
and the browser shows everything.
File permission is www-data:www-data
with 644
location ~* /(?:uploads|files)/.*.php$
{
deny all;
access_log off;
log_not_found off;
}location ~* /wp-content/uploads/.*.php$
{
deny all;
access_log off;
log_not_found off;
}
What is the correct syntax to deny access?
Thanked by 1truweb
Comments
This is sooo ugly in compare to .htaccess.
As I hate such one-liners, let's use nested locations:
Or you can use 'if' statement too
But so much more efficient in terms of IO, because its just single file. Webserver doesn't need to scan for .htaccess in every dir before sending files.
Once you get used to nginx quirks its pretty easy.
Ok I got what the issue was. My code to deny all was written after PHP-FPM block. So, all deny access to PHP files blocks should come before the following code:
One line code to block
wp-includes
,wp-content
,uploads
,*.ini
,xmlrpc.php
,*.ht
Don't know if that would help but another way perhaps you could protect your phpinfo() file is by adding an IP address check, replacing ww.xx.yy.zz by yours: