Hi Francis, and again thanks for your help in this matter. I would have responded sooner but the day I was planning to resolve this issue I had an unseasonably long power outage.
On Wed, Oct 23, 2013 at 11:41 AM, Francis Daly <fran...@daoine.org> wrote: > On Wed, Oct 23, 2013 at 11:32:33AM -0700, Paul N. Pace wrote: >> On Wed, Oct 23, 2013 at 9:49 AM, Francis Daly <fran...@daoine.org> wrote: > > Hi there, > >> "location ~ php$ { deny all; }" does not deny access to any php files, >> even when nested in "location ^~ /installdirectory/ {}". The previous >> configuration "location ~* installdirectory/.*\.php$ { deny all; }" >> did block access to all php files. The ".*\." - is that why one works >> and the other doesn't? > > I suspect not. > > What "location" lines do you have in the appropriate server{} block in > your config file? hese are the location directives that would apply to the /forums/ directory, the /installdirectory/ of the server block that I'm currently working on. This is an installation of Vanilla, but I'm trying to come up with a general template that I can apply to other packages (not a template as in one single file, but a way to apply directives to each package I use): server { location = /forums/index.php { include global-configs/php.conf; fastcgi_split_path_info ^(.+\.php)(.*)$; } location ^~ forums/ { location ~ php$ { deny all;} } #location ~* forums/.*\.php$ { # deny all; #} location ~* ^/forums/uploads/.*.(html|htm|shtml|php)$ { types { } default_type text/plain; } location /forums/ { try_files $uri $uri/ @forum; location ~* /categories/([0-9]|[1-9][0-9]|[1-9][0-9][0-9])$ { return 404; } } location @forum { rewrite ^/forums/(.+)$ /forums/index.php?p=$1 last; } } > > What one request do you make? > > From that, which one location{} block is used to handle this one request? > >> > http://nginx.org/r/location for how the one location{} is chosen to >> > handle a request. >> >> I read through the nginx.org explanation of the location directive, >> but it isn't helping me with understanding how to build the deny >> statement. > > Do whatever it takes to have these requests handled in a known location{} > block. > > Put the config you want inside that block. Do you mean that I should single out each php file and create a location block to deny access the file? > If you enable the debug log, you will see lots of output, but it will tell > you exactly which block is used, if it isn't clear from the "location" > documentation. I navigated to /forums/login.php. Here seems to be the pertinent part of error.log: 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: "forums/" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: "/" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: "phpmyadmin/" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: "forums" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: "/" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: "index.php" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: ~ "/categories/([0-9]|[1-9][0-9]|[1-9][0-9][0-9])$" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: ~ "/\." 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: ~ "~$" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: ~ "piwik/config/" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: ~ "piwik/core/" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: ~ "(piwik/index|piwik/piwik|piwik/js/index)\.php$" 2013/10/25 21:39:19 [debug] 2771#0: *1 test location: ~ "^/forums/uploads/.*.(html|htm|shtml|php)$" 2013/10/25 21:39:19 [debug] 2771#0: *1 using configuration "/forums/" I'm not sure which location block is "/forums/". The login.php file is served as a downloadable file. Thanks! Paul _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx