location = /index.php { allow MY-IP-HERE; deny all; } 有了这个configuration,因为我不希望别人看到我在维护中的工作,每当我去index.php下载文件,而不是让我看到它。
但是,如果我禁用它,我可以查看它就好了。
我在这里错过了什么?
location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in # php.ini # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; }
这里的问题是,你可能以后在.conf文件中将.php请求传递给PHP CGI处理程序。 这里是一个例子:
location ~ \.php$ { fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }
当你在这之前添加一个位置时,它会跳过将它传递给FastCGI的位置,所以它会像静态内容一样对待你的PHP文件。
如果你想让你的IP地址限制适用于所有的php文件,那么将你的允许/拒绝内部的位置匹配(并摆脱另一个,因为它现在是空的),如下所示:
location ~ \.php$ { allow MY-IP-HERE; deny all; try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in # php.ini # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; }
如果你只想要index.php ,那么你可以嵌套位置匹配:
location ~ \.php$ { location ~ index\.php$ { allow MY-IP-HERE; deny all; } try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; # NOTE: You should have "cgi.fix_pathinfo = 0;" in # php.ini # With php5-cgi alone: fastcgi_pass 127.0.0.1:9000; # With php5-fpm: fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; }
我相信这将继续传递给CGI。 如果没有,那么你可能只需要复制index.php的FastCGI部分。