Some websites need to let users upload pictures and other files to certain directories. Flaws in the upload code are hard to rule out, and they can let users upload PHP, CGI and other executable files, which puts the site in a very difficult position. In that case nginx can be used to prevent users from accessing executable files in those directories. Without such a rule, nginx will serve any configuration file that sits in the web directory as a direct download, exposing its source code. When testing, clear the browser cache, because the browser caches downloaded files. If such configuration files exist, do not keep them in the web directory, for greater security.

Disallow access to files with specific suffixes

location ~ \.(php|jsp|txt)$ {
    deny all;
}

Disallow access to PHP suffix files in a directory

location /directory {
    # nested regex: only checked for URIs under /directory
    location ~ \.php$ {
        deny all;
    }
}

Disallow access to PHP suffix files in multiple directories

location ~* ^/(directory1|directory2)/.*\.(php)$ {
    deny all;
}

Disallow access to a directory or the files in a directory

location ^~ /test/ {
    deny all;
}
# location ^~ /test {
#     deny all;
# }

Nginx location matching syntax

= indicates an exact match

^~ indicates that the URI begins with a string

~ regular expression match (case sensitive)

~* regular expression match (case insensitive). !~ and !~* are the case-sensitive and case-insensitive non-matching regular expressions, respectively

/ Any request will match

Matching priority: = > ^~ > /
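
The Python sketch below is an added example, not code from the original page. It models nginx's documented location selection order for a single server block (exact match, longest prefix with the ^~ short-circuit, regexes in file order, then the remembered prefix) and applies it to the deny rules above. The `\.php$` handler location, the location names and the sample URIs are assumptions constructed for the demonstration.

```python
import re

def select_location(locations, uri):
    """Return the name of the location a request for uri would land in.

    Simplified model of one server block: '=' exact match, then the longest
    prefix (final if it is '^~'), then regexes in file order, then the
    remembered longest prefix. Nested and named locations are not modelled.
    """
    best = None  # longest matching prefix location seen so far
    for mod, pattern, name in locations:
        if mod == "=" and uri == pattern:
            return name
        if mod in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = (mod, pattern, name)
    if best and best[0] == "^~":
        return best[2]  # '^~' suppresses the regex pass
    for mod, pattern, name in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pattern, uri, flags):
                return name  # first regex in file order wins
    return best[2] if best else None

# Constructed server block: the page's deny rules plus an assumed PHP handler.
PHP_HANDLER = ("~", r"\.php$", "php-handler")  # assumption, not on the page
DENY_UPLOADS = ("~*", r"^/(directory1|directory2)/.*\.(php)$", "deny-uploads")
DENY_TEST = ("^~", "/test/", "deny-test")
ROOT = ("", "/", "root")

DENY_FIRST = [DENY_UPLOADS, PHP_HANDLER, DENY_TEST, ROOT]  # deny regex listed first
DENY_LAST = [PHP_HANDLER, DENY_UPLOADS, DENY_TEST, ROOT]   # deny regex listed last

def report(locations, uris):
    """Map each sample URI to the location that would serve it."""
    return {uri: select_location(locations, uri) for uri in uris}

if __name__ == "__main__":
    uris = ["/directory1/a.php", "/directory1/a.PHP", "/test/x.php",
            "/index.php", "/img/logo.png"]
    for label, conf in (("deny first", DENY_FIRST), ("deny last", DENY_LAST)):
        print(label, report(conf, uris))
```

With the deny regex listed after the handler, `/directory1/a.php` is selected by the handler location and the deny rule is never consulted, so a regex deny rule belongs above any PHP handler in the server block. The `^~ /test/` rule is unaffected by ordering because it stops the regex pass.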
