How can I protect access to specific php files at the root of my website

greg0ire asked:

I want to restrict access to (and only to) using nginx. What can I try? For the moment, I managed to do that but the php file is no longer interpreted by php-fpm.

location ~ \.php($|/) {
    location ~ ^/ws(_dev)?\.php {
      auth_basic "User synchronisation webservice > please login";
      auth_basic_user_file /home/symfony/instances/somesite/ws_access;
    set  $script     $uri;
    set  $path_info  "";

    if ($uri ~ "^(.+\.php)(/.*)") {
      set  $script     $1;
      set  $path_info  $2;
    add_header X-Response-Host;
    include /etc/nginx/fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME  /home/symfony/instances/somesite/service/web$script;
    fastcgi_param  PATH_INFO   $path_info;
    fastcgi_param  SCRIPT_NAME $script;
    fastcgi_param  SERVER_PORT "80";

My answer:

You need to repeat the fastcgi_* directives in your new location /protected.php block.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.