How to deny access to all PHP files in Nginx, except for the 2 necessary ones in subdirectories?

A

Alex2018-12-03 02:30:41

Nginx

Alex, 2018-12-03 02:30:41

Hello. Who can tell me how to write rules for nginx that would prohibit access to any \.(php|cgi|pl|phtml) files in a directory, say, /dir/apdir/, but would allow access to 2 PHP files in nested folders?
To make the question more clear, I will give an example:
If you need to allow access to only one file, the construction is as follows:

location ~ ^/dir/apdir/.+\.(php|cgi|pl|phtml)(?<!subdir/index\.php) {
  deny all;
}

Access to all php|cgi|pl|phtml files in the /dir/apdir/ folder and its subfolders, except for the /dir/apdir/subdir/index.php file, is denied.
Everything is clear here (or is there a more elegant solution?).
But if there are two PHP files that you need to allow access to, for example:
/dir/apdir/subdir/index.php
/dir/apdir/js/idexfile/file.php
Here - until a dead end ... Double look back is not works :

location ~ ^/dir/apdir/.+\.(php|cgi|pl|phtml)((?<!subdir/index\.php)|(?<!js/idexfile/file\.php)) {
  deny all;
}

That's not how the rules work.
And if you first allow access to the necessary files, and then deny access to all the rest, it also does not work:

location ~ ^/(dir/apdir/subdir/index|dir/apdir/js/idexfile/file)\.php {
  allow all;
}

location ~ ^/(dir/apdir)/.+\.(php|cgi|pl|phtml) {
  deny all;
}

How to be in that case?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Softer, 2018-12-03
@FIGPlaton

Через белый список.

location ~* ^(file1|file2)\.php {
    # FastCGI here
}
location ~* \.php {
    deny all;
}