Description
Hi,
First of all well done creating this great tool and thanks for making it available to us.
I have been playing with it for a few hours and I think I found an issue.
After installing and creating a site using the --wpsc switch, it asks for an HTTP username and password for the ee folder (which I think is because it can't work out my IP from my SSH session).
I am OK with that part. However, when I edit the /etc/nginx/common/acl.conf file, remove HTTP access and make sure that my IP is not whitelisted, I can't access the folder (as expected), but if I go directly to the PHP file then I can access the tool (with broken images :)) and it works.
I think this is a major security issue (for me at least), so to fix it for now I edited the 22222 site config using
ee site edit 22222
and added the acl line to the php block (looking like this)
    location ~ \.php$ {
        # Apply the same ACL to direct requests for PHP files
        include common/acl.conf;
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php;
    }
Hope this helps to fix it and that it is clear enough.
Thanks again
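
A check for the gap reported above, as an added example that is not part of the original issue or EasyEngine's code: nginx serves each request from a single location, and access directives placed in `location /` do not carry over to a sibling regex location, so a PHP block without its own ACL answers direct `.php` requests. The sample config is constructed (the issue does not show the original 22222 config), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the issue: ACL on "/" only, none on the PHP block.
SAMPLE_BEFORE = r"""
server {
    listen 22222;
    location / {
        include common/acl.conf;
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass php;
    }
}
"""

# Same config with the fix from the issue applied to the PHP block.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "try_files $uri =404;", "include common/acl.conf;\n        try_files $uri =404;")

# Directives that restrict access, and directives that hand the request to a backend.
ACCESS_RE = re.compile(r"^\s*(include\s+common/acl\.conf|auth_basic\s|allow\s|deny\s)", re.M)
HANDLER_RE = re.compile(r"^\s*(fastcgi_pass|proxy_pass|uwsgi_pass)\s", re.M)

def location_blocks(conf):
    """Yield (matcher, body) for each location block, tracking brace depth."""
    for m in re.finditer(r"location\s+([^{]+?)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def unprotected_handlers(conf):
    """Return matchers of locations that reach a backend with no access control of their own."""
    return [name for name, body in location_blocks(conf)
            if HANDLER_RE.search(body) and not ACCESS_RE.search(body)]

if __name__ == "__main__":
    print("before:", unprotected_handlers(SAMPLE_BEFORE))
    print("after: ", unprotected_handlers(SAMPLE_AFTER))
```

Access directives set at `server` level are inherited by locations that define none of their own, so treat a hit as a block to review rather than a confirmed exposure.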