I am trying to get nginx to block access to all .php files. As I understand it, the code below should work (after sudo systemctl restart nginx). Instead, nginx is forwarding the request to my server, where I can see the error in Event Viewer.
location ~ \.php$ {
    return 403;
}
Nginx access log:
x.x.x.x - - [19/Jul/2024:08:09:17 -0300] "GET /test-user.php HTTP/1.1" 500 1405 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
UPDATE - full configuration
http {
    keepalive_timeout 60s;
    proxy_read_timeout 60s;
    proxy_send_timeout 60s;
    proxy_connect_timeout 5s;
    client_max_body_size 2M;
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    server_tokens off;
    server_names_hash_bucket_size 64;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256>
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    gzip on;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    include /etc/nginx/block_bad_robots.conf;
    server {
        listen 443 ssl;
        server_name sw.contoso.com;
        error_log /var/log/nginx/sw.contoso.com.error.log;
        access_log /var/log/nginx/sw.contoso.com.access.log;
        ssl_certificate /etc/certs/manual-fullchain.pem;
        ssl_certificate_key /etc/certs/manual-privkey.pem;
        ssl_dhparam /etc/certs/dhparams.pem;
        location ~ \.php$ {
            return 403;
        }
        location ~* \.cgi {
            return 403;
        }
        location ~* (\.env|\.aws) {
            return 403;
        }
        location ~* ^/wp {
            return 403;
        }
        location ^~ / {
            if ($bad_robots) {
                return 403;
            }
            proxy_pass https://192.168.10.1:443;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        location /Settings {
            if ($bad_robots) {
                return 403;
            }
            client_max_body_size 100M;
            proxy_pass https://192.168.10.1:443;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        error_page 400 401 402 403 404 500 502 503 504 =200 /error/unauthorized.html;
        location = /error/unauthorized.html {
            internal;
            alias /etc/nginx/html/error/;
            try_files /unauthorized.html =404;
            access_log /var/log/nginx/error.log;
        }
    }
}
https://nginx.org/r/location
location ^~ / { prevents matching against regexp locations. Just remove ^~.