我在安装magento时,在uploads目录中让nginx停止执行PHP时遇到了困难。我尝试了许多指令组合,当 *.php在该目录中匹配时,它们应该发送503或类似的命令,但我仍然可以在那里执行PHP。当然,代码解决方案是防止.php文件被上传,但我不我不知道如何从nginx的Angular 阻止执行。
map $http_x_ssl_offloaded $fastcgi_https {
default off;
on on;
}
server {
listen 80;
server_name store.xxxx.com;
root /var/www/store.xxxx.com;
#charset koi8-r;
#access_log /var/log/nginx/store.xxxx.com-access.log main;
access_log /var/log/nginx/store.xxxx.com-access.log;
error_log /var/log/nginx/store.xxxx.com-error.log;
gzip on;
gzip_disable msie6;
gzip_static on;
gzip_comp_level 9;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
location / {
index index.html index.php;
try_files $uri $uri @handler;
expires 30d; ## Assume all files are cachable
}
## Location for media to prevent execution of php
location ^~ /media/ {}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location /var/export/ { ## Allow admins only to view export folder
auth_basic "Restricted"; ## Message shown in login window
auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
autoindex on;
}
location /. { ## Disable .htaccess and other hidden files
return 404;
}
location @handler { ## Magento uses a common front handler
rewrite / /index.php;
}
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
# Pass all PHP scripts to the PHP-FPM
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
expires off; ## Do not cache dynamic content
fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE en_us;
fastcgi_param MAGE_RUN_TYPE store;
fastcgi_param SSL_OFFLOADED $fastcgi_https;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_read_timeout 6000;
}
location /api {
rewrite ^/api/rest /api.php?type=rest last;
rewrite ^/api/v2_soap /api.php?type=v2_soap last;
rewrite ^/api/soap /api.php?type=soap last;
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
# deny running scripts inside writable directories
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
# caching of files
location ~* \.(ico|pdf|flv)$ {
expires 1y;
}
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
expires 14d;
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
3条答案
按热度按时间ghhaqwfi1#
尝试添加到行:
以下指令(将“your_directory”更改为需要禁止php文件上传的文件夹):
bqujaahr2#
官方医生说:
...正则表达式是按照它们在配置文件中出现的顺序进行检查的。正则表达式的搜索在第一个匹配项时终止,并使用相应的配置。
因此,拒绝脚本的位置应在执行脚本的位置之前。
我不太确定,但我认为这不起作用的原因是:
......是因为它不会立即生效,编译器会将其完全优化。
lymgl2op3#
尝试