Home  >  Article  >  Backend Development  >  How to prevent directory execution of PHP script files by Apache Nginx

How to prevent directory execution of PHP script files by Apache Nginx

不言
不言Original
2018-06-21 14:43:021596browse

This article mainly introduces the method of Apache Nginx to prohibit the execution of PHP script files in a directory. The content is quite good. I will share it with you now and give it as a reference.

When we build a website, we may need to set permissions on some directories separately to achieve the security effects we need. The following is an example of how to prohibit the execution of php files in a certain directory under Apache or Nginx.

1.Apache configuration

<Directory /apps/web/renwole/wp-content/uploads>
 php_flag engine off
</Directory>
<Directory ~ "^/apps/web/renwole/wp-content/uploads">
 <Files ~ ".php">
 Order allow,deny
 Deny from all
 </Files>
</Directory>

2.Nginx configuration

location /wp-content/uploads {
  location ~ .*\.(php)?$ {
  deny all;
  }
}

Nginx prohibits multiple directories from executing PHP:

location ~* ^/(css|uploads)/.*\.(php)${
  deny all;
}

After the configuration is completed, reload the configuration file or restart the Apache or Nginx service. All subsequent PHP files accessed through uploads will return 403, which greatly increases the security of the web directory.

The above is the entire content of this article. I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

How to use PHP to forge a referer to break through the network disk and prohibit external connections

The above is the detailed content of How to prevent directory execution of PHP script files by Apache Nginx. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn