Score:0

Nginx config: Block access to common url across multiple virtual hosts

cn flag

I've just inherited a server running nginx with many Wordpress sites on it. We've just discovered we are getting constant hacking attacks on xmlrpc.php across all the WordPress sites.

Our nginx is configured with multiple config files and nested includes. Each web site is a virtual host and has its own config file.

For example:

    /etc/nginx/nginx.conf: (top level)
       ...
       ...
       include /etc/nginx/conf.d/*.conf;
    
    /etc/nginx/conf.d/: has multiple .conf files, one of which has the following line:
       include /etc/nginx/conf.d/vhosts.d/*.conf;
    
   /etc/nginx/conf.d/vhosts.d/:  <individual conf files for each WP site and other sites>

I was able to block xmlrpc by updating one of the virtual host conf files with:

location = /xmlrpc.php {
  deny all;
}

My question is whether I can just copy this to the top-level nginx.conf file, so that it will be inherited automatically into all the virtual host confs, and thereby globally block this file across all sites?

Jaromanda X avatar
ru flag
having read the [documentation](https://nginx.org/en/docs/http/ngx_http_core_module.html#location) - no - `location` setting can only be used inside `server` or `location` context
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.