location = /index.php {
    allow MY-IP-HERE;
    deny all;
}
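I'm using this configuration because I don't want other people to see my work while it's under maintenance, but whenever I go to index.php it downloads the file instead of letting me view it.
However, if I disable it, I can view it just fine.
Am I missing something here?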
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in
    # php.ini
    # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000;
    # With php5-fpm:
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
}
The problem here is that you are probably passing .php requests to the PHP CGI handler later in your .conf file. Here is an example:
location ~ \.php$ {
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
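When you add a location before that, it skips the location that hands the request to FastCGI, so it treats your PHP file as static content.
If you want your IP address restriction to apply to all PHP files, move your allow/deny into that location match (and get rid of the other one, since it is now empty), like this: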
location ~ \.php$ {
    allow MY-IP-HERE;
    deny all;
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in
    # php.ini
    # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000;
    # With php5-fpm:
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
}
If you only want it to apply to index.php, you can nest the location matches:
location ~ \.php$ {
    location ~ index\.php$ {
        allow MY-IP-HERE;
        deny all;
    }
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in
    # php.ini
    # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000;
    # With php5-fpm:
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
}
I believe this will still allow it to be passed on to CGI. If not, you may just need to duplicate the FastCGI section for index.php.
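
The fallback mentioned at the end of the answer above (repeating the FastCGI section for index.php), written out as an added example that is not part of the original answer. It reuses the MY-IP-HERE placeholder and the 127.0.0.1:9000 backend from the question, and assumes the question's FastCGI block works as posted.

```nginx
# Added example, not from the original post.
# nginx picks exactly one location per request, and an exact match (=)
# is chosen before any regex location is tested.

# Restricted entry point: matches the URI /index.php only.
location = /index.php {
    allow MY-IP-HERE;   # placeholder from the question
    deny all;

    # fastcgi_pass is a handler directive and is not inherited from
    # other locations. Without these lines nginx treats index.php as a
    # static file, which is the download behaviour seen in the question.
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    include fastcgi_params;
}

# Every other PHP file: no IP restriction, same FastCGI hand-off
# as the block posted in the question.
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
}
```

After reloading, a request for /index.php from a non-allowed address should return 403, and one from the allowed address should return rendered output rather than the PHP source.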