Nginx - 限制对文件夹的访问,仍然可以下载

I recently made the choice to move from Apache to Nginx - as it fits our needs better. I'm trying to block people from viewing/downloading certain files.

location ~ /mysql {
          deny all;
}

I've used this, and it works fine - our .php files now shows 403 forbidden access. But if you locate our database config.ini file, it simply downloads the file. Shouldn't this command be enough to block out that from happening?

Thanks.

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /var/www/html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    # Only for nginx-naxsi used with nginx-naxsi-ui : process denied reques$
    #location /RequestDenied {
    #       proxy_pass http://127.0.0.1:8080;
    #}

    #error_page 404 /404.html;
error_page 404 403 /404.php;
 # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #       root /usr/share/nginx/html;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location /mysql/ {
     deny all;
     }
location =  / {
     rewrite ^ /index.php;
     }
location / {
     rewrite ^(.*)$ /$1.php;
     try_files $uri $uri/ /index.html;
     }
location ~ .(css|img|js)/(.+)$ {
    try_files $uri $uri/ /$1/$2;
    }
location ~ \.php$ {
    try_files  $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
     }
location /doc/ {
    alias /usr/share/doc/;
    autoindex on;
    allow 127.0.0.1;
    deny all;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #       deny all;
    #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}
dsjz1119
dsjz1119 我添加了etc/nginx/sites-available/default的完整文件。
5 年多之前 回复
donglianjiang9321
donglianjiang9321 它很可能与nginx选择评估位置匹配的顺序有关:wiki.nginx.org/HttpCoreModule#location完整配置可能有助于我们帮助您
5 年多之前 回复
dongshao1156
dongshao1156 添加完整的nginx配置
5 年多之前 回复
dongyingming8970
dongyingming8970 这个config.ini文件位于何处
5 年多之前 回复

1个回答



试试这个:</ p>

  location / mysql / {
deny all; \ n}
</ code> </ pre>
</ div>

展开原文

原文

Try this:

location /mysql/ {
    deny all;
}

doujiong3146
doujiong3146 你可能想先在这里阅读wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
5 年多之前 回复
douke1942
douke1942 我没有去过 - 对于迟到的回复感到抱歉。 当谈到Nginx时,我是一个新手,我已经用谷歌搜索了如何制作一个嵌套的PHP位置 - 但似乎无法弄明白。 我应该寻找特定的东西吗?
5 年多之前 回复
doukuizuo1795
doukuizuo1795 php在root(/)中处理不在/ mysql中,所以它会显示它们,在mysql中创建一个嵌套的php位置来处理它。
5 年多之前 回复
douyin8813
douyin8813 我想我已经在文件中定义了一个php处理器。 我把它粘贴在问题中。
5 年多之前 回复
douguachi0056
douguachi0056 如果你也在同一个位置块处理php文件,你应该定义一个php处理器,或者nginx只是将它们作为普通文件处理。 请参阅此处wiki.nginx.org/PHPFcgiExample
5 年多之前 回复
dongshang1768
dongshang1768 所以现在你无法下载它 - 但你可以查看该文件夹中的php文件。 我应该用旧代码添加另一行吗? 或者有正确的方法去做吗? 谢谢。
5 年多之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐