Restrict NGINX Directory Access
WHMCS uses a .htaccess
file to protect the /vendor/
directory, but NGINX® does not read .htaccess
files. Because of this, the directory loses its protection on servers that runs NGINX. If your server uses NGINX, you must take additional steps to protect sensitive directories.
.htaccess
files will not apply to your system and you must perform the additional steps below.Restricting Directory Access
For cPanel & WHM version 84 and Later
In cPanel & WHM version 84 and later, you can use cPanel’s Directory Privacy interface (Home » cPanel » Files » Directory Privacy) to add protection to this directory.
To protect the directory, perform the following steps:
- Select the
/whmcs/vendor
directory in cPanel’s Directory Privacy interface (Home » cPanel » Files » Directory Privacy). - Select Password protect this directory.
- Enter a display label for Enter a name for the protected directory.This name only functions as a label for the directory. Do not confuse it with the directory’s actual name.
- Click Save. A confirmation message will appear. Click Go Back to return to the directory’s configuration.
For All Other Control Panels
To restrict directory access on servers that run cPanel & WHM version 82 and earlier or on other hosting control panels:
- Log in to the web server.
- Locate the NGINX configuration template.
- Add the
deny
directive to the top of theserver
block of your site’s configuration:server { location ^~ /vendor/ { deny all; return 403; } ... }
- Save your changes and restart NGINX.
Locating the NGINX Configuration File
NGINX has a very flexible configuration organization. Because of this, your configuration file may be in a number of different places:
Server Type | Default or Most Common Locations |
---|---|
cPanel & WHM | /etc/nginx/conf.d/users/<username>.conf |
Debian® and Ubuntu |
|
Other Servers | See below. |
Other Servers
If you do not find the configuration file in any of the above locations:
Run the following command on your server:
nginx -t
The output will display the current directory path to your server’s NGINX configuration file. For example:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
To check whether the NGINX configuration file contains any
include
directives, run the following command:grep include /etc/nginx/nginx.conf
If the
grep
command does not return any output, you can proceed with your changes to the configuration. Theserver
directive will exist in the file that you found in step 1.If the
grep
command returns any results, you must check each include file for the server directive. For example, this output would require you to check all four include files forserver
directives:include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/mime.types; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*;
Restarting NGINX
After making any configuration changes to NGINX, you must reload the NGINX configuration by restarting NGINX.
Server Type or OS | Command to Restart NGINX |
---|---|
cPanel & WHM | /usr/local/cpanel/scripts/restartsrv_nginx |
CentOS 6 | /etc/init.d/nginx reload |
CentOS 7 | systemctl reload nginx.service |
Debian and Ubuntu | systemctl reload nginx |
Last modified: November 19, 2024