What I have
I have Nginx configured to handle the .php files for all virtual hosts, and everything works fine.
location ~ \.php {
include snippets/fastcgi-php.conf;
keepalive_timeout 0;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
The above sits in snippets/common.conf
and is included to every virtual host configuration. The aforementioned fastcgi-php.conf
sits next to it.
What I need
For a given virtual host, I need to deny access to all files except /example.php
.
What I tried
-
location ~ ^/example { allow all; } location ~ ^/ { allow 123.123.123.123; deny all; }
The restriction itself works fine, but the PHP file is now returned as a source text, instead of being handled. That means the above somehow overwrites the previous
location ~ \.php
, even though I haven't even included the.php
extension here. Create
common-php.conf
include snippets/fastcgi-php.conf; keepalive_timeout 0; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass unix:/run/php/php7.4-fpm.sock;
Reuse it in
common.conf
:location ~ \.php { include snippets/common-php.conf; }
And in my actual virtual host configuration:
location ~ ^/example { allow all; include snippets/common-php.conf; } location ~ ^/ { allow 123.123.123.123; deny all; include snippets/common-php.conf; }
The problems with the above are:
- It significantly complicates the setup
- It seems redundant to configure
/example.php
twice - It doesn't fully work, as I'm getting 403 at e.g.
/plugins/Feedback/angularjs/feedback-popup/feedback-popup.directive.html?cb=abcd1234
for some reason. The CMS I'm using is complicated, and for the previous two reasons, I didn't investigate further.
I would like to configure access to the /example.php
file without overwriting the existing PHP handler it has attached to it. Is this possible? Or are the includes my only option?
Please let me know if you can think of a better configuration for this task. Thank you!