WebFaction
Community site: login faq

I'm trying to serve the static files from a Wordpress installation and I'm using a symbolic link placed in the NGINX folder pointing to the wp-content/uploads folder.

Every file is being served correctly, but unfortunately there are some plugins that include some of their .php files inside this folder, so NGINX serve them as static files, leading to potential security risks.

Is there any way to instruct NGINX to return a Forbidden 403 error when trying to access .php files?

Thanks in advance.

asked 20 Sep '11, 13:23

zlapper
312
accept rate: 0%


You can't make Nginx return a 403 for those files.

Instead, you can use a second symlink app to serve those PHP files via Apache.

For example, if you have some PHP file at /home/zlapper/webapps/wp/wp-content/uploads/someplugin/whatever.php you can do this:

  1. Create a new symlink app, using 'Symbolic link to static/cgi/php app' as the app type and "/home/zlapper/webapps/wp/wp-content/uploads/someplugin" as the symlink path
  2. Add that app to your site with "/wp-content/uploads/someplugin" as the URL path.

That way, requests for http://yourdomain.com/wp-content/uploads/someplugin/whatever.php will be served by Apache and have the PHP processed normally, so Nginx won't serve the PHP as a static file.

Hope that helps!

permanent link

answered 20 Sep '11, 15:44

seanf
12.2k41836
accept rate: 37%

thanks a lot, that works! :)

(20 Sep '11, 16:50) zlapper
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×186
×33
×12

question asked: 20 Sep '11, 13:23

question was seen: 4,234 times

last updated: 20 Sep '11, 16:50

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM