HI,

I want to configure our nginx to be a little more paranoid concerning file access.

Right now, i am using rules like :

location /includes {
allow 127.0.0.1;
deny all;
}

... but i need to repeat this kind of rules for every folders, and then restrict access to the php files inside. So our rules file is too long, complicated and getting very messy. Also, this doesn't protect the php files, only the folders. so i need to add more and more rules, always.

The php files a visitor require to be able to reach directly are in / (like index.php, login.php, etc..)

I would like to restrict every other files to 127.0.0.1, and then add some rules to allow all traffic only where required.

But i cannot figure out how i can achieve this with nginx. I'm pretty sure there is a single rule that can do this. :D

Any help will be very appreciated, and may help may others i am sure to be more secure

Thank you,

Carl