Home / server / Questions / 319746
Accepted
Roger
Asked: 2011-10-09 07:36:53 +0800 CST

Nginx: Limit access to all but php

  • 772

I want to deny access to one specific folder (and all files inside of it) but I'd like that php files from inside my server could have access to it (and its files). Is it possible? This is what I am trying without suvccess:

location /folder/ {
    allow 1.2.3.4;  # my server IP
    deny all;
    return 404;
}
php security nginx

2 Answers

  1. The ACLs you set up in the nginx-configuration, is for the http-requests that will be served by nginx. If PHP wants to access other files, it is not constrained by the configuration of nginx. PHP however, can be constrained by its own configuration.

    Since you want to move some security to PHP, I want to note that PHP may have access to configuration files and the likes. So you should make sure that you don't allow code like this to give any useful information to an attacker:

    http://my.server.acme.org/images.php?file=../../../etc/passwd
    • 1
  2. Best Answer

    In the reality, this is what worked for me:

    location ~ folder/ {
            allow 1.2.3.4;  #server IP
            deny all;
    }
    • 0