Restrict .htm Pages and Partials in OctoberCMS with Nginx
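I am using OctoberCMS, based on Laravel and Twig, with Nginx and PHP7.0-FPM.
If I visit localhost:8888/mypage, the PHP is rendered but the source is hidden.
But if I visit localhost:8888/themes/mysite/pages/mypage.htm I can view all of the PHP source code in the browser.
This is supposed to restrict access to those files: http://octobercms.com/docs/setup/configuration#nginx-configuration
But it doesn't work. I put it in my sites-available and restarted Nginx. I can still access the .htm files.
My Nginx sites-available: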
server {
    listen 80;
    server_name localhost:8888;
    root /var/www/mysite/public;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
        include /etc/nginx/mime.types;
    }

    rewrite ^themes/.*/(layouts|pages|partials)/.*.htm /index.php break;
    rewrite ^bootstrap/.* /index.php break;
    rewrite ^config/.* /index.php break;
    rewrite ^vendor/.* /index.php break;
    rewrite ^storage/cms/.* /index.php break;
    rewrite ^storage/logs/.* /index.php break;
    rewrite ^storage/framework/.* /index.php break;
    rewrite ^storage/temp/protected/.* /index.php break;
    rewrite ^storage/app/uploads/protected/.* /index.php break;

    location ~ \.php$ {
        # With php7-fpm:
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi.conf;
    }

    # Support Search Engine Friendly URLs
    location ~ / {
        try_files $uri $uri/ /index.php?q=$request_uri;
        include /etc/nginx/mime.types;
    }

    # Deny running scripts inside writable directories
    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        return 403;
        error_page 403 /403_error.html;
    }
}
I solved this by adding a slash after the ^:
rewrite ^/themes/.*/(layouts|pages|partials)/.*.htm /index.php break;
It now forwards to /404.
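
The fix above works because nginx tests rewrite patterns against the normalized request URI, which always begins with `/`. The following is an added example, not part of the original post: it lints rewrite rules for `^`-anchored patterns that lack the leading slash and checks sample URIs against them. Python's `re` stands in for nginx's PCRE, and the function names and sample file paths are assumptions constructed for illustration.

```python
import re

# Constructed sample: three rules as posted in the question, plus the fixed rule.
SAMPLE_CONF = r"""
rewrite ^themes/.*/(layouts|pages|partials)/.*.htm /index.php break;
rewrite ^/themes/.*/(layouts|pages|partials)/.*.htm /index.php break;
rewrite ^vendor/.* /index.php break;
rewrite ^storage/logs/.* /index.php break;
"""

# Constructed URIs that the rules are meant to keep away from direct access.
PROTECTED_URIS = [
    "/themes/mysite/pages/mypage.htm",
    "/vendor/autoload.php",
    "/storage/logs/system.log",
]

REWRITE_RE = re.compile(r"^\s*rewrite\s+(\S+)\s+(\S+)(?:\s+(\w+))?\s*;", re.M)

def parse_rewrites(conf):
    """Return (pattern, replacement, flag) for each unquoted rewrite directive."""
    return [m.groups() for m in REWRITE_RE.finditer(conf)]

def is_dead_pattern(pattern):
    """True when the pattern is anchored with ^ and then expects a literal
    word character: the URI always starts with '/', so it can never match."""
    return bool(re.match(r"\^\w", pattern))

def first_match(rules, uri):
    """Replacement of the first rule whose regex matches the URI, else None."""
    for pattern, replacement, _flag in rules:
        if re.search(pattern, uri):
            return replacement
    return None

def audit(conf, protected_uris):
    """Return (dead patterns, protected URIs that no rewrite rule catches)."""
    rules = parse_rewrites(conf)
    dead = [p for p, _r, _f in rules if is_dead_pattern(p)]
    unmatched = [u for u in protected_uris if first_match(rules, u) is None]
    return dead, unmatched

if __name__ == "__main__":
    dead, unmatched = audit(SAMPLE_CONF, PROTECTED_URIS)
    print("patterns that can never match:", *dead, sep="\n  ")
    print("protected URIs not rewritten:", *unmatched, sep="\n  ")
```

In this sample only the `/themes/...` URI is caught, by the corrected rule. The other rewrite lines in the posted configuration share the same missing slash and need the same change.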