douhuan6157 2015-07-15 14:24

nginx "Access to the script 'xxx/xxx/php' has been denied (see security.limit_extensions)"

I got this error. Obviously I want to use ckfinder for file upload.

Access to the script '/var/www/example.com/public/admin/scripts/vendor/ckfinder
/core/connector/php' has been denied (see security.limit_extensions) while reading 
response header from upstream, client: x.x.x.x, server: 
example.com, request: "GET /admin/scripts/vendor/ckfinder/core/
connector/php/connector.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", 
host: "example.com"

I already set security.limit_extensions to .php. I've looked at "Access denied (403) for PHP files with Nginx + PHP-FPM" and I tried most of the suggestions there (except the fix_pathinfo one) with no luck. Then I noticed the script path in the error message: the GET request from connector.php is in the php/ directory. I think the problem is that nginx sees this directory name as a script and tries to run it, but I'm not sure.

This is my nginx server block.

server {
    listen 80;

    root /var/www/example.com/public;
    index index.html index.htm index.php app.php app_dev.php;

    # Make site accessible from ...
    server_name example.com;

    access_log /var/log/nginx/example.com-access.log;
    error_log  /var/log/nginx/example.com-error.log error;

    charset utf-8;

    location / {
        # try_files \$uri \$uri/ /app.php?\$query_string /index.php?\$query_string;
        try_files $uri $uri/ /index.php?\$query_string;
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location = /admin/scripts/vendor/ckfinder/core/connector/php/connector.php {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        # With php5-fpm:
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param LARA_ENV local; # Environment variable for Laravel
        fastcgi_param HTTPS off;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        # With php5-fpm:
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param LARA_ENV local; # Environment variable for Laravel
        fastcgi_param HTTPS off;
    }

    # Deny .htaccess file access
    location ~ /\.ht {
        deny all;
    }
}

My question is how to instruct nginx to know that php/ is a path, not a script?

1 answer

  • dt614037527 2015-07-17 19:44

    You have an error in the fastcgi_split_path_info directive. The regular expression .+.php will match these strings: at least 1 character, then any character, then the text "php".

    You need to escape the dot (\.), so it doesn't mean any character, but only the dot itself.

    So the correct syntax should be:

      fastcgi_split_path_info ^(.+\.php)(/.+)$;
    
    This answer was selected as the best answer by the question's author.
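
The split described in the answer, reproduced as an added example (not part of the original question or answer). It models `fastcgi_split_path_info` with Python's `re` module, which treats these two patterns the same way as nginx's PCRE; the helper names and the simplified `security.limit_extensions` check are assumptions made for illustration.

```python
import re

# The two patterns from the page: the asker's original and the answer's fix.
UNESCAPED = r"^(.+.php)(/.+)$"
ESCAPED = r"^(.+\.php)(/.+)$"


def split_path_info(pattern, uri):
    """Model fastcgi_split_path_info: on a match, capture 1 becomes
    $fastcgi_script_name and capture 2 becomes $fastcgi_path_info;
    with no match the URI is used as the script name unchanged
    (fastcgi_index handling for URIs ending in "/" is left out)."""
    m = re.match(pattern, uri)
    if m:
        return m.group(1), m.group(2)
    return uri, ""


def script_filename(document_root, pattern, uri):
    """SCRIPT_FILENAME as built by $document_root$fastcgi_script_name."""
    script, _ = split_path_info(pattern, uri)
    return document_root + script


def allowed_by_limit_extensions(path, extensions=(".php",)):
    """Simplified model (assumption) of PHP-FPM's security.limit_extensions:
    the script path must end in one of the listed extensions."""
    return path.endswith(tuple(extensions))


if __name__ == "__main__":
    root = "/var/www/example.com/public"
    uris = [
        "/admin/scripts/vendor/ckfinder/core/connector/php/connector.php",
        "/index.php",
        "/index.php/some/path",  # constructed PATH_INFO-style request
    ]
    for name, pat in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        for uri in uris:
            path = script_filename(root, pat, uri)
            verdict = "ok" if allowed_by_limit_extensions(path) else "denied"
            print(f"{name:9} {uri}\n          -> {path} [{verdict}]")
```

With the unescaped dot, the `.` before `php` matches the `/` in front of the `php/` directory, so PHP-FPM is handed the directory path from the error message and `security.limit_extensions` rejects it, as it is meant to for anything that is not a `.php` file.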
