3 messages in ru.sysoev.nginxRE: access error?| From | Sent On | Attachments |
|---|---|---|
| Glen Lumanau | Apr 22, 2009 9:02 pm | |
| AMP Admin | Apr 22, 2009 9:32 pm | |
| Glen Lumanau | Apr 27, 2009 3:51 am |
| Subject: | RE: access error? | |
|---|---|---|
| From: | AMP Admin (adm...@ampprod.com) | |
| Date: | Apr 22, 2009 9:32:16 pm | |
| List: | ru.sysoev.nginx | |
It's only looking at the directory but not the files. Notice the .* in the following example and the php handling.
Example:
## Protect
location ~ /(directory1/| directory2/| directory3).* {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
allow 1.1.1.1;
allow 2.2.2.2;
deny all;
}
From: owne...@sysoev.ru [mailto:owne...@sysoev.ru] On Behalf Of Glen Lumanau Sent: Wednesday, April 22, 2009 11:03 PM To: ngi...@sysoev.ru Subject: access error?
location /administrator/ {
allow 1.1.1.1;
allow 2.2.2.2;
deny all;
I tried to use that configuration. If someone accessing www.domain.com/administrator/ it's forbidden.
But if someone accessing www.domain.com/administrator/index.php they can execute it
Is there somethink I've missed?