Deny rules not working - raw php files being served!

Deny rules not working - raw php files being served!

Posted by edbloom (Guest)

on 2013-03-10 10:36

Hi all,

I'm using a pretty simple WordPress nginx config that is documented on 
the
WordPress codex.

http://codex.wordpress.org/Nginx

All works fine except for 1 critical aspect.

The config uses a restrictions.conf which has some fairly simple rules 
for
blocking unauthorized access to specific files and file patterns like 
the
following:

# Deny all attempts to access hidden files such as .htaccess, .htpasswd,
.DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall 
utilities
such as fail2ban)
location ~ /\. {
  deny all;
}


What I've found is rather than actually denying requests, raw php files 
are
being served up via nginx - which is very odd.

Any ideas why this would be happening?

Ed

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,237177,237177#msg-237177

Edit | Move | Delete topic | Reply with quote

Enable email notification |

Enable multi-page view

Please log in before posting. Registration is free and takes only a minute.

Existing account (Switch to SSL-encrypted connection)

NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account

No account? Register here.

User name or e-mail address
Password

Forum: NGINX Deny rules not working - raw php files being served!