How can I protect access to specific php files at the root of my website

greg0ire asked:

I want to restrict access to (and only to) http://mysite.com/protected.php using nginx. What can I try? For the moment, I managed to do that but the php file is no longer interpreted by php-fpm.

location ~ .php($|/) {
    location ~ ^/ws(_dev)?.php {
      auth_basic "User synchronisation webservice > please login";
      auth_basic_user_file /home/symfony/instances/somesite/ws_access;
    }
    set  $script     $uri;
    set  $path_info  "";

    if ($uri ~ "^(.+.php)(/.*)") {
      set  $script     $1;
      set  $path_info  $2;
    }
    add_header X-Response-Host somesite.com;
    fastcgi_pass   127.0.0.1:8300;
    include /etc/nginx/fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME  /home/symfony/instances/somesite/service/web$script;
    fastcgi_param  PATH_INFO   $path_info;
    fastcgi_param  SCRIPT_NAME $script;
    fastcgi_param  SERVER_PORT "80";
  }

My answer:


You need to repeat the fastcgi_* directives in your new location /protected.php block.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.