0

Below is the current Nginx configuration.

I only want people to access my site like below

  • /main
  • /my/mypage

and block all access with a PHP extension

  • /main.php
  • /my/mypage.php
        error_page 403 404 /error/error;
        location ~ \.php$ {
                internal;
                #try_files $uri =404;
                #return 404;
                #try_files @error;
        }
        location ~ (\.php|.html|.aspx|.asp|myadmin) {
                return 404;
                #try_files $uri =404;
                #deny all;
        }
        location / {
                if (-e $request_filename.php) {
                        rewrite ^/(.*)$ /$1.php;
                }
        }

        #location @extensionless-php {
        #       rewrite ^(.*)$ $1.php last;
        #}
        location ~ (^|/)\. {
                return 403;
        }
        location ~ \..*/.*\.php$ {
                return 403;
        }

I searched for many articles and questions. But I can still access the main.php or /my/mypage.php even if a follow them.

Below is the configuration that I saw in other articles that instructed me to block direct php file extension with

location ~ \.php$ {
     internal;
}

but this doesn't seem to work for me? Am I having a problem with fastcgi or php-fpm?

This is the full code of nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    #default_type        application/octet-stream;
    default_type text/html;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/public_html;
        index main.php;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 403 404 /error/error.php;

        location ^~ /my {
                deny all;
                return 404;
        }
        location ~ (\.php|.aspx|.asp|myadmin) {
                return 404;
        }
        location ~ main.php {
                internal;
        }

        location ~ \.php$ {
                internal;
        }

        location = /main.php {
                #deny all;
                internal;
        }
        location = /errorpage_404.html {
                root /usr/share/nginx/public_html;
                internal;
        }

        #error_page 500 502 503 504 error/errorpage_505.html;
        #    location = /50x.html {
        #}
        #include kim_rewrite.conf;
    }
}

Thank you for your response;

Yongjun Kim
  • 1
  • 1

0 Answers0