Jump to content
Froxlor Forum

Jjth01

Members
  • Content Count

    1
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Jjth01

  • Rank
    Newbie

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi, While using a combination of Nginx, PHP-FPM and Let's Encrypt, I tried to deny access to PHP files within some folders using Froxlor's (0.9.39.5) per-vhost configuration. Here is what I put within the per-vhost configuration field: location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } However, once the nginx configuration is re-generated, this is an extract the generated file: location ~ ^(.+?\.php)(/.*)?$ { try_files /[hex_file_name].htm @php; } location @php { try_files $1 = 404; include /etc/nginx/fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.+)\$; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; fastcgi_param HTTPS on; fastcgi_pass unix:/var/run/[removed_file_name].socket; fastcgi_index index.php; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } Per Nginx's location prioritization, regular expressions are matched in the order they are defined. Indeed it works well to make Let's Encrypt certificate generation seemless but I can't seem to find an way to restrict access to: https://mywebsite.com/config/config.php or any other PHP files within the mentionned folders. I couldn't find anyone that had the same problem, would you help me find out how I can make this work ? Thanks, Jean
×