Fatal编程技术网
  • nginx/
  • nginx-排除除两个文件以外的所有文件

nginx-排除除两个文件以外的所有文件

nginx

nginx-排除除两个文件以外的所有文件,nginx,Nginx,我需要允许internet访问我的Nginx 1.6.0 web服务器上的2个文件: [www.example.com/piwik.php][1] [www.example.com/piwik.js][2] 其他一切都需要封锁。要使用的正确位置指令是什么?我有以下信息,它只是部分工作: # allow everyone to access piwik.php location ~ /piwik.php$ { fastcgi_pass unix:/var/run/php5-fpm.so

我需要允许internet访问我的Nginx 1.6.0 web服务器上的2个文件:

[www.example.com/piwik.php][1]

[www.example.com/piwik.js][2]

其他一切都需要封锁。要使用的正确位置指令是什么?我有以下信息,它只是部分工作:

# allow everyone to access piwik.php
location ~ /piwik.php$ {
    fastcgi_pass   unix:/var/run/php5-fpm.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

# allow everyone to access piwik.js
location ~ /piwik.js$ {
  root html;
  index index.html index.htm;
}

# The below appears to allow index.php to load, but blocks
# files beneath it (e.g. js/file1.js, imgs/pic1.jpg) so the page 
# is only half-rendered and I see a bunch of 403's in my NGINX logs.
# People are still able to access the half-loaded index.php webform 
# and login!!!

location / {            
    allow 192.168.1.1
    deny all;
    root   html;
    index  index.php index.html index.htm;
}
访问日志如下:

1.2.3.4 - - [04/May/2014:20:04:22 -0400] "GET 
/libs/jquery/stylesheets/jquery.smartbanner.css?cb=ef21e462d0300ea546811bec0ee6a912 
HTTP/1.1" 403 162 "https://example.com/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 
7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 
Safari/9537.53"

1.2.3.4 - - [04/May/2014:20:04:22 -0400] "GET /plugins/Login/stylesheets/login.css?
cb=ef21e462d0300ea546811bec0ee6a912 HTTP/1.1" 403 162 "https://example.com/index.php" 
"Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, 
like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53"

1.2.3.4 - - [04/May/2014:20:03:15 -0400] "GET /plugins/Morpheus/images/logo.svg 
HTTP/1.1" 403 162 "https://example.com/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 
7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 
Safari/9537.53"
当用户尝试访问主页index.php时,错误如下所示

你能包含你的error.log吗?我已经添加了我在web access中看到的403消息。这是你的access.log,需要查看error.log中的实际错误消息添加了一些Nginx错误日志中的error.log消息。根据这些错误,它正常工作-192.168.1.1中没有的主机被拒绝…所以你是说,由于这个特定的错误,用户仍然收到index.php的一部分?即使他们对页面进行了完全shift-F5完全重新加载?如果是这样的话,那肯定是个错误。。。 
2014/05/06 14:17:51 [error] 6917#0: *385 access forbidden by rule, client: 180.76.X.X, server: example.com, request: "GET /robots.txt HTTP/1.1", host: "example.com"

2014/05/06 15:21:47 [error] 6917#0: *392 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"

2014/05/06 15:38:24 [error] 6917#0: *398 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"

2014/05/06 19:02:45 [error] 6917#0: *412 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"

2014/05/06 20:06:04 [error] 6917#0: *413 access forbidden by rule, client: 185.4.X.X, server: example.com, request: "GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143PRTJWQAY%40D%5EJFSX HTTP/1.1", host: "24x7-allrequestsallowed.com"

2014/05/06 20:09:22 [error] 6917#0: *414 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"