我需要允许在我的Nginx 1.6.0 Web服务器上访问2个文件:
[www.example.com/piwik.php] [1]
[www.example.com/piwik.js] [2]
其他一切都需要被阻止。使用正确的位置指令是什么?我有以下内容,它只是部分工作:
# allow everyone to access piwik.php
location ~ /piwik.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# allow everyone to access piwik.js
location ~ /piwik.js$ {
root html;
index index.html index.htm;
}
# The below appears to allow index.php to load, but blocks
# files beneath it (e.g. js/file1.js, imgs/pic1.jpg) so the page
# is only half-rendered and I see a bunch of 403's in my NGINX logs.
# People are still able to access the half-loaded index.php webform
# and login!!!
location / {
allow 192.168.1.1
deny all;
root html;
index index.php index.html index.htm;
}
以下访问日志:
1.2.3.4 - - [04/May/2014:20:04:22 -0400] "GET
/libs/jquery/stylesheets/jquery.smartbanner.css?cb=ef21e462d0300ea546811bec0ee6a912
HTTP/1.1" 403 162 "https://example.com/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS
7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201
Safari/9537.53"
1.2.3.4 - - [04/May/2014:20:04:22 -0400] "GET /plugins/Login/stylesheets/login.css?
cb=ef21e462d0300ea546811bec0ee6a912 HTTP/1.1" 403 162 "https://example.com/index.php"
"Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML,
like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53"
1.2.3.4 - - [04/May/2014:20:03:15 -0400] "GET /plugins/Morpheus/images/logo.svg
HTTP/1.1" 403 162 "https://example.com/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS
7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201
Safari/9537.53"
当用户尝试访问主页(index.php
)时,错误如下所示。
2014/05/06 14:17:51 [error] 6917#0: *385 access forbidden by rule, client: 180.76.X.X, server: example.com, request: "GET /robots.txt HTTP/1.1", host: "example.com"
2014/05/06 15:21:47 [error] 6917#0: *392 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"
2014/05/06 15:38:24 [error] 6917#0: *398 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"
2014/05/06 19:02:45 [error] 6917#0: *412 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"
2014/05/06 20:06:04 [error] 6917#0: *413 access forbidden by rule, client: 185.4.X.X, server: example.com, request: "GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143PRTJWQAY%40D%5EJFSX HTTP/1.1", host: "24x7-allrequestsallowed.com"
2014/05/06 20:09:22 [error] 6917#0: *414 access forbidden by rule, client: 66.249.X.X, server: example.com, request: "GET / HTTP/1.1", host: "example.com"