nginx-php-fpm:某些 php 页面的访问限制

tag-icon tag-icon php nginx php-fpm
nginx-php-fpm:某些 php 页面的访问限制

我有一个文件夹,其中包含一些由 php-fpm(fastcgi)提供的 PHP 文件;在这个文件夹中,我有一个文件,我希望允许内部 IP 访问该文件,但拒绝外部 IP 访问该文件。

我遇到的问题是,这种配置......

# PHP
location ~ ^\/some\/path\/(.*\.php)$ {
  alias /some/path/;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
  #
  # # With php5-cgi alone:
  # fastcgi_pass 127.0.0.1:9000;
  # # With php5-fpm:
  fastcgi_pass unix:/var/run/php5-fpm.sock;
  fastcgi_index index.php;
  include fastcgi_params;
  # Changes due to the alias declaration
  fastcgi_param SCRIPT_FILENAME $document_root/$1;
  fastcgi_param SCRIPT_NAME /$1;
}

# PHP: phpinfo() access restrictions
location = /some/path/phpinfo.php {
  allow 10.0.0.0/24;
  deny all;
}

...访问/some/path/phpinfo.php管理正确,但 fastcgi 规则未应用(我下载了phpinfo.php文件);而使用此配置...

# PHP
location ~ ^\/some\/path\/(.*\.php)$ {
  alias /some/path/;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
  #
  # # With php5-cgi alone:
  # fastcgi_pass 127.0.0.1:9000;
  # # With php5-fpm:
  fastcgi_pass unix:/var/run/php5-fpm.sock;
  fastcgi_index index.php;
  include fastcgi_params;
  # Changes due to the alias declaration
  fastcgi_param SCRIPT_FILENAME $document_root/$1;
  fastcgi_param SCRIPT_NAME /$1;
}

# PHP: phpinfo() access restrictions
location ~ ^\/some\/path\/phpinfo\.php$ {
  allow 10.0.0.0/24;
  deny all;
}

.../some/path/phpinfo.php解释正确,但不适用访问限制。

我如何修复配置以便/some/path/phpinfo.php进行解释并应用访问限制?

答案1

nginx 仅适用于位置块处于同一级别,因此要么应用第一个(使用 FastCGI 但没有访问控制)或者第二个(没有 FastCGI 的访问控制)。要同时应用它们,您需要像这样嵌套它们:

location ~ ^\/some\/path\/(.*\.php)$ {
    fastcgi_pass unix:/var/run/php5-fpm.sock;

    location /some/path/phpinfo.php {
        allow 10.0.0.0/24;
        deny all;
    }
}

相关内容