Hello, I have a few WordPress installations on one vhost:

        location /pl {
                try_files $uri $uri/ /pl/index.php?$args;
        }

        # Add trailing slash to */wp-admin requests.
        rewrite /pl/wp-admin$ $scheme://$host$uri/index.php permanent;

        location /en {
                try_files $uri $uri/ /en/index.php?$args;
        }

        # Add trailing slash to */wp-admin requests.
        rewrite /en/wp-admin$ $scheme://$host$uri/index.php permanent;

        location /dev {
                # fallback goes to this install's own front controller, not /en
                try_files $uri $uri/ /dev/index.php?$args;
        }

        # Add trailing slash to */wp-admin requests.
        rewrite /dev/wp-admin$ $scheme://$host$uri/index.php permanent;

        set $user_login wiki;
        include /etc/nginx/templates.d/wordpress-subdirectory.conf;

File /etc/nginx/templates.d/wordpress-subdirectory.conf has:

location = /favicon.ico {
        log_not_found off;
        access_log off;
}

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
        deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
}

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off; log_not_found off; expires max;
}

location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
                return 404;
        }
        if ( $wordpress_norun_subdir ) {
                return 403;
        }
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass   unix:/var/run/$user_login.php-fpm.socket;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param REMOTE_USER $remote_user;
}

In location ~ [^/]\.php(/|$) I have:
        if ( $wordpress_norun_subdir ) {
                return 403;
        }
$wordpress_norun_subdir is a map:

# variable tested in the PHP location block above; 1 = deny (403), 0 = allow
map $uri $wordpress_norun_subdir {
        default                                 1;

        /index.php                              0;
        /wp-login.php                           0;
        /wp-blog-header.php                     0;
        /wp-cron.php                            0;
        /wp-includes/js/tinymce/wp-mce-help.php 0;
...
        /xmlrpc.php                             0;
        /wp-load.php                            0;
        /wp-settings.php                        0;
        /wp-admin/about.php                     0;
        /wp-admin/admin-ajax.php                0;
        /wp-admin/admin-footer.php              0;
        /wp-admin/admin-functions.php           0;
        /wp-admin/admin-header.php              0;
        /wp-admin/admin.php                     0;
        /wp-admin/admin-post.php                0;
...
}

This map works fine when I run WordPress in the root directory, but if I have 
WordPress in a subdirectory it doesn't. I can change the paths in the map to: ~/.*/index.php, 
but this allows running these files: /index.php, /wp-admin/index.php, 
/any_hacker_stuff/index.php. Of course, I don't want to allow running this last file 
;) I think I can change location /en to /en(.*) and set $wordpress_path $1; 
and change $uri to $wordpress_path, but with location /en(.*) WordPress friendly 
URLs don't work.

--
Regards,

Marcin Janowski
IT Systems Specialist
Data Processing Center - Lublin
Systems Solutions Department

T: +48 81 535 30 00, ext. 366
e-mail: [email protected]


________________________________

This information is intended only for the person or entity to which it is 
addressed and may contain confidential and/or privileged material. Unauthorized 
use of this information by person or entity other than the intended recipient 
is prohibited by law. If you received this by mistake, please immediately 
contact the sender by e-mail or by telephone and delete this information from 
any computer. Thank you. Asseco Business Solutions S.A.

________________________________

Please consider your environmental responsibility before printing this e-mail.
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
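An added example, not part of the poster's configuration, of one way to keep the allowlist approach in a subdirectory install: anchor each map pattern on the known install prefixes instead of using ~/.*/index.php, so only the WordPress entry points under /pl, /en and /dev pass the check and any other .php path stays at 403. The prefix list, the entry-point list and the $wordpress_norun_subdir name are assumptions taken from the message above; the wp-admin entries shown are the ones visible in the posted root map.

```nginx
# Added example, not the poster's config. Assumes installs at /pl, /en and /dev
# and a PHP location that does "if ($wordpress_norun_subdir) { return 403; }".
# Keyed on $uri, so any .php path not listed here (including
# /any_hacker_stuff/index.php or /pl/wp-content/uploads/x.php) stays denied.

map $uri $wordpress_norun_subdir {
    default 1;                                   # deny unless listed below

    # Anchored with ^ and $: "~/.*/index.php" would accept any directory,
    # these accept only the three known install prefixes.
    ~^/(?:pl|en|dev)/index\.php$                                       0;
    ~^/(?:pl|en|dev)/wp-login\.php$                                    0;
    ~^/(?:pl|en|dev)/wp-cron\.php$                                     0;
    ~^/(?:pl|en|dev)/xmlrpc\.php$                                      0;
    ~^/(?:pl|en|dev)/wp-admin/(?:index|admin|admin-ajax|admin-post)\.php$ 0;
    ~^/(?:pl|en|dev)/wp-admin/(?:about|admin-functions|admin-header|admin-footer)\.php$ 0;
    # extend with the remaining entries from the existing root map in the same way
}

# Each install keeps its own try_files fallback; after the internal redirect
# $uri becomes /<prefix>/index.php, which the map above allows, so friendly
# URLs keep working and no capture or extra variable is needed.
location /pl  { try_files $uri $uri/ /pl/index.php?$args; }
location /en  { try_files $uri $uri/ /en/index.php?$args; }
location /dev { try_files $uri $uri/ /dev/index.php?$args; }
```

Because the map is keyed on $uri and the patterns end in $, a request that appends PATH_INFO (for example /pl/index.php/extra) does not match and is denied, which is the same behaviour the exact-match map gives on the root install; if a plugin needs PATH_INFO, the map has to be keyed on a variable from which the trailing path has been stripped.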