roles/nginx: Add protection for PHP scripts in uploads directory

By the way, ?: starts a non-capturing group (i.e., don't save the
back references).

Signed-off-by: Alan Orth <alan.orth@gmail.com>
Alan Orth 2015-02-26 17:05:50 +03:00
parent 19f5b60cb7
commit cd65475d0d
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9


@ -13,6 +13,13 @@
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
# Yoast SEO plugin
# https://yoast.com/wordpress/plugins/seo/
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
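Review bot: The new `location ~* /(?:uploads|files)/.*\.php$` block only takes effect if it appears before the generic PHP handler location, because nginx uses the first regex location that matches, in configuration order. That handler is not visible in this hunk, so the ordering should be confirmed. I would pin it with a comment above the block: `# Must stay above the generic PHP location; nginx uses the first matching regex location.` The pattern is also anchored with `$`, so if the PHP handler accepts path-info style URIs (a script name followed by `/...`), those requests would not be denied here. Ending the pattern with `\.php(?:/|$)` would cover that case.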