我尝试了几种不同的方法来停止访问这些文件,但似乎都没有效果。
目前在 debian jessie 上使用 ISP 配置。我在那里托管一个 webmail (rainloop) 客户端供个人使用。
我还将我的更改添加到 ISPConfig 的 nginx 指令部分。
我遇到的问题是,当我尝试访问 /data 文件夹和任何子目录时出现禁止错误(这按预期工作),但我发现我能够访问几乎任何目录中的所有文件...哎呀......
vhost 底部数据文件夹的默认目录是:/var/www/clients/client1/MYSERVER.COM/web/webmail/data
虚拟主机:
server {
listen SERVER_IP_HERE:80;
listen SERVER_IP_HERE:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /var/www/clients/client1/web5/ssl/MYSERVER.COM-le.crt;
ssl_certificate_key /var/www/clients/client1/web5/ssl/MYSERVER.COM-le.key;
server_name MYSERVER.COM ;
root /var/www/MYSERVER.COM/web/;
if ($scheme != "https") {
rewrite ^ https://$http_host$request_uri? permanent;
}
index index.html index.htm index.php index.cgi index.pl index.xhtml;
error_log /var/log/ispconfig/httpd/MYSERVER.COM/error.log;
access_log /var/log/ispconfig/httpd/MYSERVER.COM/access.log combined;
location ~ /\. {
deny all;
}
location ^~ /.well-known/acme-challenge/ {
access_log off;
log_not_found off;
root /usr/local/ispconfig/interface/acme/;
autoindex off;
index index.html;
try_files $uri $uri/ =404;
}
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats/ {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file /var/www/clients/client1/web5/web/stats/.htpasswd_stats;
}
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
location ~ \.php$ {
try_files /12c2654cada4d332b002b97dbfb4002d.htm @php;
}
location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/web5.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
location ^~ /data {
deny all;
}
}
谢谢您的帮助!