nginx "Access to the script 'xxx/xxx/php' has been denied (see security.limit_extensions)"
nginx "Access to the script 'xxx/xxx/php' has been denied (see security.limit_extensions)"
我遇到了这个错误。显然我想用ckfinder来上传文件。
Access to the script '/var/www/example.com/public/admin/scripts/vendor/ckfinder
/core/connector/php' has been denied (see security.limit_extensions) while reading
response header from upstream, client: x.x.x.x, server:
example.com, request: "GET /admin/scripts/vendor/ckfinder/core/
connector/php/connector.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000",
host: "example.com"
我已经将 security.limit_extensions 设置为 .php。我查看了 Access denied (403) for PHP files with Nginx + PHP-FPM 并尝试了大部分(fix_pathinfo 除外)但没有成功。在我注意到错误消息中的脚本路径之前,来自 connector.php 的 GET 请求位于 php/ 目录中。我认为问题是 nginx 将此目录名称视为脚本并尝试 运行 它,不确定。
这是我的 nginx 服务器块。
server {
listen 80;
root /var/www/example.com/public;
index index.html index.htm index.php app.php app_dev.php;
# Make site accessible from ...
server_name example.com;
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log error;
charset utf-8;
location / {
# try_files $uri $uri/ /app.php?$query_string /index.php?$query_string;
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location = /admin/scripts/vendor/ckfinder/core/connector/php/connector.php {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param LARA_ENV local; # Environment variable for Laravel
fastcgi_param HTTPS off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param LARA_ENV local; # Environment variable for Laravel
fastcgi_param HTTPS off;
}
# Deny .htaccess file access
location ~ /\.ht {
deny all;
}
}
我的问题是如何让nginx知道php/是路径,不是脚本?
您在 fastcgi_split_path_info 指令中有错误。正则表达式 .+.php 将匹配这些字符串:至少 1 个字符,然后是任意字符,然后是文本 "php".
您需要转义圆点 (\.),因此它不表示任何字符,而仅表示圆点本身。
所以正确的语法应该是:
fastcgi_split_path_info ^(.+\.php)(/.+)$;
我遇到了这个错误。显然我想用ckfinder来上传文件。
Access to the script '/var/www/example.com/public/admin/scripts/vendor/ckfinder
/core/connector/php' has been denied (see security.limit_extensions) while reading
response header from upstream, client: x.x.x.x, server:
example.com, request: "GET /admin/scripts/vendor/ckfinder/core/
connector/php/connector.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000",
host: "example.com"
我已经将 security.limit_extensions 设置为 .php。我查看了 Access denied (403) for PHP files with Nginx + PHP-FPM 并尝试了大部分(fix_pathinfo 除外)但没有成功。在我注意到错误消息中的脚本路径之前,来自 connector.php 的 GET 请求位于 php/ 目录中。我认为问题是 nginx 将此目录名称视为脚本并尝试 运行 它,不确定。
这是我的 nginx 服务器块。
server {
listen 80;
root /var/www/example.com/public;
index index.html index.htm index.php app.php app_dev.php;
# Make site accessible from ...
server_name example.com;
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log error;
charset utf-8;
location / {
# try_files $uri $uri/ /app.php?$query_string /index.php?$query_string;
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location = /admin/scripts/vendor/ckfinder/core/connector/php/connector.php {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param LARA_ENV local; # Environment variable for Laravel
fastcgi_param HTTPS off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param LARA_ENV local; # Environment variable for Laravel
fastcgi_param HTTPS off;
}
# Deny .htaccess file access
location ~ /\.ht {
deny all;
}
}
我的问题是如何让nginx知道php/是路径,不是脚本?
您在 fastcgi_split_path_info 指令中有错误。正则表达式 .+.php 将匹配这些字符串:至少 1 个字符,然后是任意字符,然后是文本 "php".
您需要转义圆点 (\.),因此它不表示任何字符,而仅表示圆点本身。
所以正确的语法应该是:
fastcgi_split_path_info ^(.+\.php)(/.+)$;