configuration – Nginx config: Block access to common url across multiple virtual hosts
I’ve just inherited a server running nginx with many WordPress sites on it. We’ve just discovered we are getting constant hacking attacks on xmlrpc.php
across all the WordPress sites.
Our nginx is configured with multiple config files and nested includes. Each web site is a virtual host and has its own config file.
For example:
/etc/nginx/nginx.conf: (top level)
...
...
include /etc/nginx/conf.d/*.conf;
/etc/nginx/conf.d/: has multiple .conf files, one of which has the following line:
include /etc/nginx/conf.d/vhosts.d/*.conf;
/etc/nginx/conf.d/vhosts.d/: <individual conf files for each WP site and other sites>
I was able to block xmlrpc by updating one of the virtual host conf files with:
location = /xmlrpc.php {
deny all;
}
My question is whether I can just copy this to the top-level nginx.conf
file, so that it will be inherited automatically into all the virtual host confs, and thereby globally block this file across all sites?
Read more here: Source link