我正在尝试阻止 WordPress 安装中几个文件夹中的 PHP 脚本执行,但是 Nginx 让我很难受。
location = /wp/wp-includes/category.php {
deny all;
}
我能够使用精确匹配来阻止单个脚本,但当我使用正则表达式时它不起作用。
location ~* /wp/wp-includes/.*\.php$ {
deny all;
}
我不知道我做错了什么?
编辑
在上述规则之后,我有以下规则:
location / {
error_page 418 = @cachemiss;
# To allow POST on static pages. Will search with me error
error_page 405 =200 $uri;
recursive_error_pages on;
# bypass cache for common query strings
if ($arg_s != "") { return 418; } # search query
if ($arg_p != "") { return 418; } # request a post / page by ID
if ($arg_amp != "") { return 418; } # amp test
if ($arg_preview = "true") { return 418; } # preview post / page
if ($http_cookie ~* "(wordpress_logged_in_|wp\-postpass_|woocommerce_items_in_cart|woocommerce_cart_hash|wptouch_switch_toogle|comment_author_|comment_author_email_)") {
return 418;
}
# by pass caching for post requests
if ($request_method = POST ) {
return 418;
}
if (!-f "$rocket_file") {
return 418;
}
etag on;
try_files "$rocket_url" $uri $uri/ /index.php$is_args$args;
}
location @cachemiss {
try_files $uri $uri/ /index.php$is_args$args;
}