nginx configuration prohibits access to directories or files-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

nginx configuration prohibits access to directories or files

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 29, 2016 am 09:13 AM

htmlimageslocationphp

Please support for more: http://www.webyang.net/Html/web/article_168.html

Some website systems require users to upload pictures and other files to certain directories. It is inevitable that the program has some loopholes, resulting in Users uploaded php, cgi and other executable files, causing the website to fall into a very difficult situation. At this time, we can use nginx to prohibit users from accessing executable files in these directories.

nginx configuration:

<ol>
<li value="1">
<span>location </span><span>~</span><span></span><span>^</span><span>/(uploads|images)/</span><span>.*</span><span>\.</span><span>(</span><span>php</span><span>|</span><span>php5</span><span>|</span><span>jsp</span><span>)</span><span>$ </span><span>{</span>
</li>
<li>
<span>    deny all</span><span>;</span>
</li>
<li><span>}</span></li>
</ol>

tips: All php and jsp under the uploads and images directories cannot be accessed.
Some people may also choose to write like this:

<ol>
<li value="1">
<span>location </span><span>~</span><span></span><span>^</span><span>/(uploads|images)/</span><span>.*</span><span>\.</span><span>(</span><span>php</span><span>|</span><span>php5</span><span>|</span><span>jsp</span><span>)</span><span>$ </span><span>{</span>
</li>
<li>
<span></span><span>return</span><span></span><span>403</span><span>;</span>
</li>
<li><span>}</span></li>
</ol>

This is the same. If a 403 page is configured, it will jump to it.
403 page configuration:

<ol><li value="1">
<span>error_page </span><span>403</span><span> http</span><span>:</span><span>//www.webyang.net/public/404.html;</span>
</li></ol>

There are also some issues that need to be paid attention to, that is, we may place .sql files in any directory of the site. We can prohibit browser access through the following methods.

<ol>
<li value="1">
<span>location </span><span>~.*</span><span>\.sql </span><span>{</span>
</li>
<li>
<span>    deny all</span><span>;</span>
</li>
<li><span>}</span></li>
</ol>

In this way, the sql files in any directory will not be accessed by users.

The above introduces nginx configuration to prohibit access to directories or files, including vulnerability aspects. I hope it will be helpful to friends who are interested in PHP tutorials.

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AM

PHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct

How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AM

The best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.

Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AM

CustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr

Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AM

Sending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.

What is the best way to send an email using PHP?May 08, 2025 am 12:21 AM

ThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu

Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AM

The reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.

PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AM

PHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.

PHP Email Security: Best Practices for Sending EmailsMay 08, 2025 am 12:16 AM

ThebestpracticesforsendingemailssecurelyinPHPinclude:1)UsingsecureconfigurationswithSMTPandSTARTTLSencryption,2)Validatingandsanitizinginputstopreventinjectionattacks,3)EncryptingsensitivedatawithinemailsusingOpenSSL,4)Properlyhandlingemailheaderstoa

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Hot Tools

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

Atom editor mac version download

The most popular open source editor

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.