douhuan6157 2015-07-15 14:24
浏览 185
已采纳

nginx“拒绝访问脚本'xxx / xxx / php'(请参阅security.limit_extensions)”

I got this error. Obviously I want to use ckfinder for file upload.

Access to the script '/var/www/example.com/public/admin/scripts/vendor/ckfinder
/core/connector/php' has been denied (see security.limit_extensions) while reading 
response header from upstream, client: x.x.x.x, server: 
example.com, request: "GET /admin/scripts/vendor/ckfinder/core/
connector/php/connector.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", 
host: "example.com"

I already set security.limit_extensions to .php. I've looked at Access denied (403) for PHP files with Nginx + PHP-FPM and I tried most of them (except the fix_pathinfo) with no luck. Until I notice the script path in the error message, the GET request from connector.php is in the php/ directory. I think the problem is nginx sees this directory name as script and tries to run it, not sure.

This is my nginx server block.

server {
    listen 80;

    root /var/www/example.com/public;
    index index.html index.htm index.php app.php app_dev.php;

    # Make site accessible from ...
    server_name example.com;

    access_log /var/log/nginx/example.com-access.log;
    error_log  /var/log/nginx/example.com-error.log error;

    charset utf-8;

    location / {
        # try_files \$uri \$uri/ /app.php?\$query_string /index.php?\$query_string;
        try_files $uri $uri/ /index.php?\$query_string;
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location = /admin/scripts/vendor/ckfinder/core/connector/php/connector.php {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        # With php5-fpm:
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param LARA_ENV local; # Environment variable for Laravel
        fastcgi_param HTTPS off;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        # With php5-fpm:
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param LARA_ENV local; # Environment variable for Laravel
        fastcgi_param HTTPS off;
    }

    # Deny .htaccess file access
    location ~ /\.ht {
        deny all;
    }
}

My question is how to instruct nginx to know that php/ is a path, not a script?

  • 写回答

1条回答 默认 最新

  • dt614037527 2015-07-17 19:44
    关注

    You have error in fastcgi_split_path_info directive. Regular expression .+.php will match these strings: at least 1 character, then any character, then text "php".

    You need to escape the dot (\.), so it doesn't mean any character, but only the dot itself.

    So the correct syntax should be:

      fastcgi_split_path_info ^(.+\.php)(/.+)$;
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 matlab有关常微分方程的问题求解决
  • ¥15 perl MISA分析p3_in脚本出错
  • ¥15 k8s部署jupyterlab,jupyterlab保存不了文件
  • ¥15 ubuntu虚拟机打包apk错误
  • ¥199 rust编程架构设计的方案 有偿
  • ¥15 回答4f系统的像差计算
  • ¥15 java如何提取出pdf里的文字?
  • ¥100 求三轴之间相互配合画圆以及直线的算法
  • ¥100 c语言,请帮蒟蒻写一个题的范例作参考
  • ¥15 名为“Product”的列已属于此 DataTable