阻止 nginx 中的文件夹和里面的所有内容,抛出 404 除了 localhost。浏览器正在请求脚本下载
Block folder in nginx and ALL contents inside, throw 404 EXCEPT for localhost. Browser is requesting script download
这是我的代码:
# I had to do this one because going .com/restricted was throwing 403, not 404.
location /restricted {
return 404;
}
#This seemed to work except I don't want localhost to have 404, I want it to access correctly
location ~ /restricted/(.+)\.php$ {
deny all;
return 404;
allow 127.0.0.1;
}
所以,基本上:
- 每次非本地主机尝试访问受限或其内容(例如
/restricted/should_be_restricted_script.php)时获取 404
- 每当我尝试访问该文件夹时,浏览器都会询问我是否要下载脚本...当我保存并打开它时,确实是
should_be_restricted_script.php,我想不通为什么...
有人可以帮助我吗? tyvm
我认为您应该替换 deny 和 allow 行,因为第一个匹配项将适用:
location ~ /restricted/(.+)\.php$ {
allow 127.0.0.1;
deny all;
}
试试这个
location ~ /restricted/(.+)\.php$ {
deny all;
return 404;
allow 127.0.0.1;
}
location ~ ^/restricted {
return 404;
}
我认为你的问题与nginx如何选择"best"位置有关,他优先考虑非regexp位置。
看看这个article
这是我的代码:
# I had to do this one because going .com/restricted was throwing 403, not 404.
location /restricted {
return 404;
}
#This seemed to work except I don't want localhost to have 404, I want it to access correctly
location ~ /restricted/(.+)\.php$ {
deny all;
return 404;
allow 127.0.0.1;
}
所以,基本上:
- 每次非本地主机尝试访问受限或其内容(例如
/restricted/should_be_restricted_script.php)时获取 404 - 每当我尝试访问该文件夹时,浏览器都会询问我是否要下载脚本...当我保存并打开它时,确实是
should_be_restricted_script.php,我想不通为什么...
有人可以帮助我吗? tyvm
我认为您应该替换 deny 和 allow 行,因为第一个匹配项将适用:
location ~ /restricted/(.+)\.php$ {
allow 127.0.0.1;
deny all;
}
试试这个
location ~ /restricted/(.+)\.php$ {
deny all;
return 404;
allow 127.0.0.1;
}
location ~ ^/restricted {
return 404;
}
我认为你的问题与nginx如何选择"best"位置有关,他优先考虑非regexp位置。
看看这个article