How to configure only allow access to index.php files in Nginx?

Nginx security configuration: Only access to index.php files is allowed

This article describes how to configure Nginx, only allow access to index.php files, and deny access to all other files or specific PHP files. This enhances server security and prevents unauthorized access.

Scenarios and requirements

Assuming that there are multiple PHP files (such as index.php and test.php ) in the server directory, we need to make sure that only index.php is accessible and other PHP files and other resources are blocked.

Configuration plan

We will provide two configuration solutions to meet different needs:

Scheme 1: Only access to /index.php is allowed, all other requests are denied

This solution is the most stringent, and any other requests except /index.php will be denied. This is suitable for scenarios with extremely high safety requirements.

 server {
    listen 80;
    server_name 192.168.16.86;
    root /home/wwwroot/web;

    include enable-php.conf;

    location = /index.php {
        # Process index.php request try_files $uri $uri/ /index.php?$query_string;
    }

    location / {
        deny all;
    }

    # ... Other location blocks (such as static resource processing) can be retained or removed as needed...
}

Solution 2: Allow access to /index.php and static resources, and reject other PHP files

This solution allows access to static resources (such as pictures, CSS, JS, etc.), and only allows access to index.php , denying access to other PHP files. This is more common in practical applications.

 server {
    listen 80;
    server_name 192.168.16.86;
    root /home/wwwroot/web;

    include enable-php.conf;

    location / {
        # Handle static resource request try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        deny all;
    }

    location = /index.php {
        # Process index.php request try_files $uri $uri/ /index.php?$query_string;
    }

    # ... Other location blocks (such as static resource cache) can be retained or adjusted as needed...

}

Configuration instructions:

• location = /index.php : Exactly matches the /index.php path and only handles requests to the file.
• location ~ \.php$ : Use regular expressions to match all files ending in .php .
• deny all : All requests are rejected.
• try_files : Try to find a file or directory, and perform subsequent operations if it is not found.

Which option you choose depends on your specific security needs. Solution 1 is more secure, but the restrictions are stricter; Solution 2 is both security and functionality. Please select and adjust the configuration according to the actual situation. Be sure to test the configuration to make sure it meets your expectations. Remember, safe configuration needs to be cautious and it is recommended to test it in a test environment before applying it to the production environment.

The above is the detailed content of How to configure only allow access to index.php files in Nginx?. For more information, please follow other related articles on the PHP Chinese website!