Jump to content
Froxlor Forum
  • 0
Jjth01

Deny access to some PHP files using nginx, php-fpm and let's encrypt

Question

Hi,

While using a combination of Nginx, PHP-FPM and Let's Encrypt, I tried to deny access to PHP files within some folders using Froxlor's (0.9.39.5) per-vhost configuration.

Here is what I put within the per-vhost configuration field:

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
	deny all;
}

However, once the nginx configuration is re-generated, this is an extract the generated file:

location ~ ^(.+?\.php)(/.*)?$ {
	try_files /[hex_file_name].htm @php;
}

location @php {
	try_files $1 = 404;

	include /etc/nginx/fastcgi_params;
	fastcgi_split_path_info ^(.+\.php)(/.+)\$;
	fastcgi_param SCRIPT_FILENAME $document_root$1;
	fastcgi_param PATH_INFO $2;
	fastcgi_param HTTPS on;
	fastcgi_pass unix:/var/run/[removed_file_name].socket;
	fastcgi_index index.php;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
	deny all;
}

Per Nginx's location prioritization, regular expressions are matched in the order they are defined.

Indeed it works well to make Let's Encrypt certificate generation seemless but I can't seem to find an way to restrict access to:

https://mywebsite.com/config/config.php

or any other PHP files within the mentionned folders.

 

I couldn't find anyone that had the same problem, would you help me find out how I can make this work ?

Thanks,

Jean
       

Share this post


Link to post
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...





×
×
  • Create New...