The upload Directory of the image files on the website is often set to only upload files but not execute files, that is, the execution permission must be disabled.
This section describes how to configure the nginx Upload directory permission and disable the execution permission.
Nginx disables directory php file execution permission
The following configurations are added to the nginx server.
The code is as follows: |
Copy code |
Location ~ /Attachments/. *. (php | php5 )? $ { Deny all; } |
Disable the php file execution permission in the attachments Directory
2. Multiple directories
The code is as follows: |
Copy code |
Location ~ /(Attachments | upload)/. *. (php | php5 )? $ { Deny all; } |
Disable the permission to execute php files in the attachments and upload directories.
The code is as follows: |
Copy code |
Server { Listen 80; Server_name xxxx.com; Index index.html index.htm index. php default.html default.htm default. php; Root/home/wwwroot/xxxx.com; Include none. conf; # Matching multiple Upload directories Location ~ ^/(Upload | Upload1) { # The matched file contains at most two. More file location ~ "([.] {2,}) $" { Deny all; } # Configure php and php5 suffixes Location ~ ". (Php | php5) $" { Deny all; } } Location ~ . *. (Php | php5 )? $ { Try_files $ uri = 404; Fastcgi_pass unix:/tmp/php-cgi.sock; Fastcgi_index index. php; Fcinclude GI. conf; } Location ~ . *. (Gif | jpg | jpeg | png | bmp | swf) $ { Expires 30d; } Location ~ . *. (Js | css )? $ { Expires 12 h; } Access_log off; } |
After configuration, reload nginx again.
The php execution permission in the dedecms directory is configured as follows:
The code is as follows: |
Copy code |
Location ~ /Mm/(data | uploads | templets)/*. (php) $ { Deny all; } Location ~ . Php $ { Try_files $ uri/404.html; Fastcgi_pass 127.0.0.1: 9000; Fastcgi_index index. php; Fastcgi_param SCRIPT_FILENAME $ document_root $ fastcgi_script_name; Includefagi_params; } |
1. A single directory
Apache prohibits directory execution of PHP files
Run PHP in Apache mode. You can add the following code to the vhosts configuration file:
The code is as follows: |
Copy code |
<Directory/www/www.fkblog.org/upload> Php_flag engine off </Directory> <Directory ~ "^/Www/. */upload"> <Files ~ ". Php"> Order allow, deny Deny from all </Files> </Directory> |
Disable PHP file execution permission in the upload Directory