alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Add protection for PHP scripts in uploads directory

Browse Source 
By the way, :? starts a non-capturing group (ie, don't save the
back references).

Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2015-02-26 17:05:50 +03:00
parent 19f5b60cb7
commit cd65475d0d
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/nginx/templates/wordpress.j2
View File

@ -13,6 +13,13 @@
# Add trailing slash to */wp-admin requests. # Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent; rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Yoast SEO plugin # Yoast SEO plugin
# https://yoast.com/wordpress/plugins/seo/ # https://yoast.com/wordpress/plugins/seo/
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last; rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;