How to Disable PHP Execution in Specific Directories Under Nginx on Linux
nginx php securitydisable php executionnginx configurationupload directory protectiondeny all nginx
Published·Modified·
For security reasons, we generally disable the execution of PHP scripts in upload directories.
Modify the nginx.conf configuration file.
Disable a Single Directory:
location ~* ^/attachments/.*.(php|php5)$ {
deny all;
}
Disable Multiple Directories:
location ~* ^/(attachments|upload)/.*.(php|php5)$ {
deny all;
}
Important Notes:
- The configuration code above must be placed before the
location ~ .php{...}block. If placed below it, the rule will be ineffective. - The path (e.g.,
attachments) must be a relative path, not an absolute path. - Do not forget to restart Nginx after making changes:
service nginx restart