我有一个带有 Raspbian 的 RaspberryPi,我希望公共 www 文件夹受 htpasswd 保护,并且 php 文件正确传递,并且 .htpasswd 和 .db 文件被拒绝。
但这不适用于我的配置。当我从本地网络 ( http://192.168.0.12/test/page.php) 中的浏览器调用该站点时,它会正确显示,但不需要身份验证,并且我可以下载 .htpasswd 和 .db 文件,即使我在配置中拒绝了它们。
怎么了?是否有可能仅执行第一个匹配的位置块?我怎样才能绕过这个?
“/usr/share/nginx/www”中的文件夹结构:
test
- data.db
- page.php
- .htpasswd
index.html
index.php
.htpasswd
我的 nginx 服务器配置:
server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /usr/share/nginx/www;
index index.html index.htm index.php;
# Make site accessible from http://localhost/
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
#pass the PHP scripts to PHP-FPM server listening on unix socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /testDb {
auth_basic "Admin Login";
auth_basic_user_file /usr/share/nginx/www/test/.htpasswd;
}
# deny access to .ht files
location ~ \.ht {
deny all;
}
# deny access to .db files
location ~ \.db {
deny all;
}
}