Nginx -限制访问文件夹，仍然可以下载 - Nginx - restricting access to folders, still able to be downloaded

Nginx - restricting access to folders, still able to be downloaded

本文关键字：下载文件夹访问 Nginx | 更新日期: 2023-09-27

我最近决定从Apache转向Nginx——因为它更符合我们的需求。我正在试图阻止人们查看/下载某些文件。

location ~ /mysql {
          deny all;
}

我已经使用了这个，它工作得很好-我们的.php文件现在显示403禁止访问。但是如果您找到我们的数据库config.ini文件，它只是下载该文件。这个命令难道不应该足以阻止这种情况的发生吗?

谢谢。

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts to this file
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /var/www/html;
    index index.php index.html index.htm;
    # Make site accessible from http://localhost/
    server_name localhost;
    # Only for nginx-naxsi used with nginx-naxsi-ui : process denied reques$
    #location /RequestDenied {
    #       proxy_pass http://127.0.0.1:8080;
    #}
    #error_page 404 /404.html;
error_page 404 403 /404.php;
 # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #       root /usr/share/nginx/html;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location /mysql/ {
     deny all;
     }
location =  / {
     rewrite ^ /index.php;
     }
location / {
     rewrite ^(.*)$ /$1.php;
     try_files $uri $uri/ /index.html;
     }
location ~ .(css|img|js)/(.+)$ {
    try_files $uri $uri/ /$1/$2;
    }
location ~ '.php$ {
    try_files  $uri =404;
    fastcgi_split_path_info ^(.+'.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
     }
location /doc/ {
    alias /usr/share/doc/;
    autoindex on;
    allow 127.0.0.1;
    deny all;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /'.ht {
    #       deny all;
    #}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

试试这个:

location /mysql/ {
    deny all;
}