Mobile app version of vmapp.org
Login or Join
Sue5673885

: Nginx deny-all fails to execute PHP code in 403.html I want to deny access to some directories and files, so I use the deny_all option to return a 403.html page. However, it does not allow

@Sue5673885

Posted in: #Configuration #Nginx #Php

I want to deny access to some directories and files, so I use the deny_all option to return a 403.html page. However, it does not allow me to execute any PHP code in that page.

Something to do with "internal"? Should I use "return" or "error_page" instead?

Here's my config, any other suggestions appreciated...

#
# Redirect all to www
#
server
{
listen 80;

server_name site.com;
return 301 $scheme://www.site.com$request_uri;
}

#
# Validate and process requests
#
server
{
listen 80;

server_name site.com *.site.com;

root /var/www/site.com;
index index.html;
#
# Error and Access logs
#
error_log /var/log/nginx/error.site.log notice;
access_log /var/log/nginx/access.site.log;

error_page 403 /Src/403.html;
location = /Src/403.html
{
internal;
}

error_page 404 /Src/404.html;
location = /Src/404.html
{
internal;
}

location /
{
try_files $uri $uri/ =404;
}

location ~ .(py|sh|tgz|xml)$
{
deny all;
}

location ~ .(html|php)$
{
include fastcgi.conf;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.html;
try_files $uri.html $uri.php $uri/ =404;
}

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Sue5673885

1 Comments

Sorted by latest first Latest Oldest Best

 

@Miguel251

The problem is the location itself. nginx chooses one location process a request. In the case of /Src/403.html, the location = /Src/404.html block takes precedence over the location ~ .(html|php)$ block, which means that none of the PHP directives are included. See this document for details.

If you care that the /Src/403.html URI remains internal, include the necessary directives into that location block. For example:

error_page 403 /Src/403.html;
location = /Src/403.html
{
internal;
include fastcgi.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}


Otherwise, you can just delete the entire location block, in which case, the /Src/403.html URI will be processed by the location ~ .(html|php)$ block.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme