Allowing a Particular PHP file to run from a folder for API

netnaps

Hi, I am using a plugin that connects media library of Unsplash, pixabay etc from an images folder that has a PHP file called external.php, as on WordOps security I get an error 403 Forbidden, this I know .php files are blocked by default on WordOps,

I need help with allowing the particular external.php file, the path is

/var/www/my.tld/htdocs/wp-content/uploads/api_data/addons/images/external.php

I have read the docs on NGINX that say "=" points to an exact file, so what should I have in the server block and where?

As for location.conf file says a wo update command will set the file to default again, so I don't want the same to change.

I have 2 sites on a VPS, and the API is pointed to /external.php=someapicodeskey12345

Kindly Help

jond1

Is there a reason why you need the .php folder in the uploads directory vs in the wp-content/plugins? That does seem like a security risk, I would advise against allowing php files to execute in the uploads directory.