XF 2.2 Nginx Secure Install Directory

[cloudpro]

Hello

we are trying to prevent access to the install/upgrade directory in Nginx. We have the follow config in our nginx server block.

location /community/install/ {
    internal;
}

Our XF is in a subdirectory /community

If we browse to https://ourpublicdomain.com/community/install we receive a 404 which is what we want. However if we use the direct link

https://ourpublicdomain.com/community/install/index.php?upgrade/

then the upgrade page appears.

Can someone provide some insight as to the prevent public access besides securing it with a password.

Thank you

 

[Brent W]

Hello

we are trying to prevent access to the install/upgrade directory in Nginx. We have the follow config in our nginx server block.

location /community/install/ {
    internal;
}

Our XF is in a subdirectory /community

If we browse to https://ourpublicdomain.com/community/install we receive a 404 which is what we want. However if we use the direct link

https://ourpublicdomain.com/community/install/index.php?upgrade/

then the upgrade page appears.

Can someone provide some insight as to the prevent public access besides securing it with a password.

Thank you

Try:

location ^~ /community/install/ {

 

[cloudpro]

Try:

location ^~ /community/install/ {

Thank you so much. Confirmed it works now and prevents access.
Perfect!!!!!