How to block PHP execution in specific Apache and Nginx directories
- 2020-05-10 23:21:33
- OfStack
Preventing PHP scripts from running in a specified directory under Apache
Add the php_flag engine off directive to the virtual host configuration file. The configuration is as follows:
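<Directory "/path/to/uploads">
    # "/path/to/uploads" is a placeholder: use the directory where PHP must not run
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    # Turn the PHP engine off for this directory (requires mod_php)
    php_flag engine off
</Directory>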
The other method is to set the rules in .htaccess. This is more flexible for webmasters who do not have permission to change the Apache server configuration.
To restrict PHP script execution under Apache, add these rules to the .htaccess file.
The code is as follows:
RewriteEngine on
RewriteCond % !^$
# Return 403 Forbidden for any .php file under these directories
RewriteRule uploads/(.*)\.(php)$ - [F]
RewriteRule data/(.*)\.(php)$ - [F]
RewriteRule templets/(.*)\.(php)$ - [F]
Preventing PHP scripts from running in a specified directory under Nginx
Nginx is even simpler: match the path with a location block and deny access to it directly. Add the following configuration to the server section.
If it's a single directory:
location ~* ^/uploads/.*\.(php|php5)$
{
deny all;
}
If multiple directories:
location ~* ^/(attachments|uploads)/.*\.(php|php5)$
{
deny all;
}
Note: this configuration must be placed before the following configuration to take effect, because Nginx tests regular-expression locations in the order they appear and uses the first one that matches.
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
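The ordering rule in the note above can be checked offline. The following Python sketch is an added example, not part of the original article: it models only Nginx's regex locations (tested in file order, first match wins), and the function names and sample request paths are constructed for illustration.

```python
import re

# Simplified model of how Nginx picks among regex locations: they are tested
# in the order they appear in the server block and the first match wins.
# (Prefix locations and the ^~ / = modifiers are not modelled here.)

def parse_regex_locations(config):
    """Return [(regex, action)] for each `location ~` / `~*` block, in file order."""
    locations = []
    pattern = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{([^}]*)\}")
    for modifier, regex, body in pattern.findall(config):
        flags = re.IGNORECASE if modifier == "~*" else 0
        action = "deny" if "deny all" in body else (
            "fastcgi" if "fastcgi_pass" in body else "other")
        locations.append((re.compile(regex, flags), action))
    return locations

def handler_for(uri, locations):
    """Action of the first regex location matching uri, or 'static' if none."""
    for regex, action in locations:
        if regex.search(uri):
            return action
    return "static"

DENY = r"""
location ~* ^/(attachments|uploads)/.*\.(php|php5)$ {
    deny all;
}
"""
FASTCGI = r"""
location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    include fastcgi_params;
}
"""

def audit(config, uris):
    """Map each URI to the action Nginx would apply under this config."""
    locations = parse_regex_locations(config)
    return {uri: handler_for(uri, locations) for uri in uris}

# Constructed sample request paths.
SAMPLE_URIS = ["/uploads/avatar.php", "/attachments/2020/a.PHP5",
               "/index.php", "/uploads/photo.jpg"]

if __name__ == "__main__":
    for label, cfg in (("deny first", DENY + FASTCGI), ("deny last", FASTCGI + DENY)):
        print(label, audit(cfg, SAMPLE_URIS))
```

With the deny block first, /uploads/avatar.php is refused; with the blocks swapped, the same request is handed to the FastCGI location, which is the failure the note describes.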
Finally, a complete configuration example is given:
# Deny .php files under these directories; must come before the PHP handler
location ~ /mm/(data|uploads|templets)/.*\.(php)$ {
    deny all;
}
# General PHP handler
location ~ \.php$ {
    try_files $uri /404.html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
Remember to restart Nginx after changing the configuration so that it takes effect.