dsyct08008 2014-10-08 17:41
浏览 576

Nginx如何直接访问index.php时返回404

For security purpose, I am attempting to hide almost all the fingerprint info of my web application. The most important thing is to hide PHP from any visitors. So I try to modify my Nginx's configuration file. The configuration will show as follows.

location / {
        root   /data/site/public;

        index  index.html index.htm index.php;
        try_files $uri /index.php;

        location /index.php {
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            include fastcgi.conf;
        }
    }

By this way, I successfully hide index.php from URL. However, Hackers could also directly access my website by using some URL such as http://example.com/index.php, which shows that my website is written by PHP. Sometimes it maybe dangerous. So, I modify the Nginx's config second time, longing for 404 when access index.php directly, and it looks like

location / {
        root   /data/site/public;

        if ( $request_uri ~ /index\.php ) {
            return 404;
        }

        index  index.html index.htm index.php;
        try_files $uri /index.php;

        location /index.php {
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            include fastcgi.conf;
        }
    }

However..., it seems that Nginx acts nothing different from the previous one.

Could anyone tell me the reason ? or any other solutions...

  • 写回答

0条回答

    报告相同问题?

    悬赏问题

    • ¥15 MATLAB动图的问题
    • ¥15 求差集那个函数有问题,有无佬可以解决
    • ¥15 【提问】基于Invest的水源涵养
    • ¥20 微信网友居然可以通过vx号找到我绑的手机号
    • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
    • ¥15 解riccati方程组
    • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
    • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
    • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
    • ¥50 树莓派安卓APK系统签名