Allowing access to a specific file in location block nginx config

ArthurYakovlev
April 17, 2021
181 views
0 votes
2 Answers

In my nginx config I have been block all access from my IP however allowed to do that with my localhost. I would like to allow global access to one file of mine xn.php I try to do that with location ^~ /xn.php and it’s not working. As well I tried location /xn.php and still fail. How should I do that? I checked a lot documentation however I stuck on it

server {
        listen   127.0.0.1:80;
        root /var/www/html/;
        index /index.php;
        server_name localhost;

        location / {
                deny 77.777.77.0/24;
                allow 127.0.0.1;
                autoindex on;
                index index.php;
                try_files $uri /index.html /index.php;
                deny all;
        }
        location ^~ /xn.php {
                allow all;
        }
        location ~ .php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ /.ht {
                deny all;
        }
}

Tags: nginx

Answers

- ExploitFate
- April 17, 2021 at 11:53 pm
- 0 votes
0
Update your nginx location config a bit
```
        location /xn.php {
                allow all;
                autoindex on;
                index index.php;
                try_files $uri $uri/ /index.php?$args;
        }
```
Login or Signup to reply.

- IvanShatsky
- April 18, 2021 at 12:03 am
- 0 votes
0
With your current configuration xn.php content would be send as HTTP response rather than being interpreted with PHP-FPM. Additionally, any request for PHP file won’t be blocked with your deny rule since it won’t match the location / { ... } block. You can try this:
```
server {
        listen 80;
        root /var/www/html/;
        index /index.php;
        location / {
                allow 127.0.0.1;
                deny all;
                autoindex on;
                index index.php;
                try_files $uri /index.html /index.php;
        }
        location = /xn.php {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ .php$ {
                allow 127.0.0.1;
                deny all;
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ /.ht {
                deny all;
        }
}
```
Update

Since you are listening only on 127.0.0.1 interface this server block won’t be reachable from any other host at all. Right configuration for you depends on other server blocks you have in your nginx config.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.