skip to Main Content

In my nginx config I have been block all access from my IP however allowed to do that with my localhost. I would like to allow global access to one file of mine xn.php I try to do that with location ^~ /xn.php and it’s not working. As well I tried location /xn.php and still fail. How should I do that? I checked a lot documentation however I stuck on it

server {
        listen   127.0.0.1:80;
        root /var/www/html/;
        index /index.php;
        server_name localhost;

        location / {
                deny 77.777.77.0/24;
                allow 127.0.0.1;
                autoindex on;
                index index.php;
                try_files $uri /index.html /index.php;
                deny all;
        }
        location ^~ /xn.php {
                allow all;
        }
        location ~ .php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
        location ~ /.ht {
                deny all;
        }
}

2

Answers


  1. Update your nginx location config a bit

            location /xn.php {
                    allow all;
                    autoindex on;
                    index index.php;
                    try_files $uri $uri/ /index.php?$args;
            }
    
    Login or Signup to reply.
  2. With your current configuration xn.php content would be send as HTTP response rather than being interpreted with PHP-FPM. Additionally, any request for PHP file won’t be blocked with your deny rule since it won’t match the location / { ... } block. You can try this:

    server {
            listen 80;
            root /var/www/html/;
            index /index.php;
            location / {
                    allow 127.0.0.1;
                    deny all;
                    autoindex on;
                    index index.php;
                    try_files $uri /index.html /index.php;
            }
            location = /xn.php {
                    include snippets/fastcgi-php.conf;
                    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            }
            location ~ .php$ {
                    allow 127.0.0.1;
                    deny all;
                    include snippets/fastcgi-php.conf;
                    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            }
            location ~ /.ht {
                    deny all;
            }
    }
    

    Update

    Since you are listening only on 127.0.0.1 interface this server block won’t be reachable from any other host at all. Right configuration for you depends on other server blocks you have in your nginx config.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search