我的PHP包括:
location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; fastcgi_pass unix:/var/run/php5.socket; include /etc/nginx/fastcgi_params; } 我尝试允许按位置访问目录中的文件:
location ~ /internal { allow IP; deny all; }
它的工作原理,但在这个目录中的PHP文件可以下载。
请记住:Nginx总是只select一个位置块来匹配请求。 search顺序是:
= ^~ None ~ ~* @ 所以,一个请求/internal/foo.php由前缀location /internal first匹配,然后search终止和正则expression式不被检查。 这就是为什么你在请求PHP文件时会得到一个下载对话框。
为了避免重复,把通用指令放在一个单独的文件中,并使用include指令,如下所示:
/etc/nginx/php.conf
try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; fastcgi_pass unix:/var/run/php5.socket; include /etc/nginx/fastcgi_params;
/etc/nginx/nginx.conf
location /internal { allow IP; deny all; location ~ ^/internal(.*\.php)$ { include php.conf; } } location ~ \.php$ { include php.conf; }
尝试在/内部位置添加一个php位置,例如:
location ~ /internal/\.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; fastcgi_pass unix:/var/run/php5.socket; include /etc/nginx/fastcgi_params; }