Access error?


#1

location /administrator/ {

       allow 1.1.1.1;

       allow 2.2.2.2;

       deny all;

I tried to use that configuration. If someone accessing
www.domain.com/administrator/ it’s forbidden.

But if someone accessing www.domain.com/administrator/index.php they can
execute it

Is there somethink I’ve missed?


#2

It’s only looking at the directory but not the files. Notice the .* in
the
following example and the php handling.

Example:

Protect

location ~ /(directory1/| directory2/| directory3).* {

            fastcgi_pass    127.0.0.1:9000;

            fastcgi_index   index.php;

            include         fastcgi_params;

           allow 1.1.1.1;

           allow 2.2.2.2;

           deny all;

}

From: removed_email_address@domain.invalid [mailto:removed_email_address@domain.invalid] On Behalf Of
Glen
Lumanau
Sent: Wednesday, April 22, 2009 11:03 PM
To: removed_email_address@domain.invalid
Subject: access error?

    location /administrator/ {

       allow 1.1.1.1;

       allow 2.2.2.2;

       deny all;

I tried to use that configuration. If someone accessing
www.domain.com/administrator/ it’s forbidden.

But if someone accessing www.domain.com/administrator/index.php they can
execute it

Is there somethink I’ve missed?


#3

Tried this but not works aswell L

From: removed_email_address@domain.invalid [mailto:removed_email_address@domain.invalid] On Behalf Of
AMP
Admin
Sent: 23 April 2009 11:33
To: removed_email_address@domain.invalid
Subject: RE: access error?

It’s only looking at the directory but not the files. Notice the .* in
the
following example and the php handling.

Example:

Protect

location ~ /(directory1/| directory2/| directory3).* {

            fastcgi_pass    127.0.0.1:9000;

            fastcgi_index   index.php;

            include         fastcgi_params;

           allow 1.1.1.1;

           allow 2.2.2.2;

           deny all;

}

From: removed_email_address@domain.invalid [mailto:removed_email_address@domain.invalid] On Behalf Of
Glen
Lumanau
Sent: Wednesday, April 22, 2009 11:03 PM
To: removed_email_address@domain.invalid
Subject: access error?

    location /administrator/ {

       allow 1.1.1.1;

       allow 2.2.2.2;

       deny all;

I tried to use that configuration. If someone accessing
www.domain.com/administrator/ it’s forbidden.

But if someone accessing www.domain.com/administrator/index.php they can
execute it

Is there somethink I’ve missed?