New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Easily deny access to multiple folders on nginx?
Hi,
I installed a script yesterday for which I need to disallow web access to some directories.
In Apache, you could do this with an .htaccess file.
Nginx doesn't support .htaccess files. However, I do see this in the nginx conf file:
# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #}
I though uncommenting these lines would make nginx block all webaccess to folders containing .ht files, but it doesn't.
How do you guys block web access to multiple folders easily?
Thanks
Comments
Actually I think that only blocks access to .ht files, not the folder the files are in.
I'm not sure if there is any other way except
Thanks for the reply @vedran
Hmm okay. So if I have 10 folders to block, I would have to enter them all manually?
Let's say I have 10 folders located in /home/domains/blabla/site
do I enter them like this?
Thanks
If your root folder is /home/domains/blabla/site, you should be able to
vedran's solution will work, bit be sure to place it before other location directives that might take precedence.
For example if you have:
Then browsing to example.com/folder1 will give "permission denied", but browsing to example.com/folder1/somefile.php will be allowed.
To fix that, change the order of the location directives:
But (going back to the original question) if web access to the folders is not required at all, a better solution would be to remove them entirely from browseable space.
And also, the common user/password auth
http://wiki.nginx.org/HttpAuthBasicModule
Thanks for the replies guys, really appreciate it
Alright then. I was hoping there was some way of having nginx automatically block web access to a directory as soon it finds an .htaccess file in the folder but sadly that's not possible.
I cannot remove them from browseable space as they are part of a script which needs to access to those folders to operate successfully.
Are those
parts of the scripts
not accessed locally?If the script is using include() or require() or reading/writing data, it's doing it by filesystem access. It just needs to know the filesystem path to folder1, etc. And that path can be outside of nginx's webspace.
On the other hand, if the script is using http to access those folders, then it's gonna fail once you block the folders in nginx!
@dnom Yes they are accessed locally, but they are located in the same directory as other folders which do need webaccess.
@sleddog AFAIK it's not using http access.
Here's an excerpt from the readme of the script I'm using
PhpMyAdmin?
What I do with admin scripts like this -- which should be accessible only by me -- is make an admin directory, password-protect it, and put them in there.
example.com/admin/phpmyadmin/
Access to anything inside /admin requires a username/password. And yes, the username/password is different from the phpmyadmin login
Oh, and get https working. A self-signed cert is fine. So all your admin stuff is accessed at https://example.com/admin/
No, PhpMumbleAdmin
http://sourceforge.net/projects/phpmumbleadmin/
That's also an idea yes but I have to set it up for public use...
I use phpminiadmin. It's just one PHP file and it does the trick.
Edit: that's instead PhpMyAdmin, not PhpMumbleAdmin, of course
OK, so forget everything I said Go back to @vedran's suggestion and use "location" to block access to those folders.
I did this as well, but I wonder if we can somehow authorize an administrator to access those?
I prefer Adminer to phpminiadmin, much better interface and more features, similar to PhpMyAdmin. http://www.adminer.org/
Edit: I just realized this actually a really old topic. Sorry