我有一个文件夹包含一些PHP文件服务与PHP的FMP(fastcgi); 在tihs文件夹中,我有一个文件,我想要允许内部IP和拒绝外部。
我有的问题是,这个configuration…
# PHP location ~ ^\/some\/path\/(.*\.php)$ { alias /some/path/; fastcgi_split_path_info ^(.+\.php)(/.+)$; # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini # # # With php5-cgi alone: # fastcgi_pass 127.0.0.1:9000; # # With php5-fpm: fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; # Changes due to the alias declaration fastcgi_param SCRIPT_FILENAME $document_root/$1; fastcgi_param SCRIPT_NAME /$1; } # PHP: phpinfo() access restrictions location = /some/path/phpinfo.php { allow 10.0.0.0/24; deny all; } …访问/some/path/phpinfo.php是正确pipe理,但fastcgi规则不适用(我下载了phpinfo.php文件); 而与此configuration…
# PHP location ~ ^\/some\/path\/(.*\.php)$ { alias /some/path/; fastcgi_split_path_info ^(.+\.php)(/.+)$; # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini # # # With php5-cgi alone: # fastcgi_pass 127.0.0.1:9000; # # With php5-fpm: fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; # Changes due to the alias declaration fastcgi_param SCRIPT_FILENAME $document_root/$1; fastcgi_param SCRIPT_NAME /$1; } # PHP: phpinfo() access restrictions location ~ ^\/some\/path\/phpinfo\.php$ { allow 10.0.0.0/24; deny all; }
… /some/path/phpinfo.php被正确解释,但访问限制不适用。
我如何修复configuration,以便/some/path/phpinfo.php被解释和访问限制被应用?
nginx只应用同一级别的一个位置块,所以它要么应用第一个(使用FastCGI而不使用访问控制), 要么使用第二个(不使用FastCGI访问控制)。 为了让它们都应用,你需要像这样嵌套它们:
location ~ ^\/some\/path\/(.*\.php)$ { fastcgi_pass unix:/var/run/php5-fpm.sock; location /some/path/phpinfo.php { allow 10.0.0.0/24; deny all; } }