<html><head></head><body><div class="ydp60fc08f7yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div dir="ltr" data-setdir="false">Hello,</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">After taking a rest I found the solution.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">There was this directive placed a few lines before</div><div dir="ltr" data-setdir="false"><span>location ~ /log { deny all; return 404; }</span><br></div><div dir="ltr" data-setdir="false">And the /logout.php page was marching that directive.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">I have replaced it by</div><div dir="ltr" data-setdir="false"><span><span>location /log { deny all; return 404; }</span></span></div><div dir="ltr" data-setdir="false">Which hopefully will help to protect access to anypage inside the /log directory.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Thank you<br></div>
</div><div id="yahoo_quoted_8805467513" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
Le samedi 23 juillet 2022 à 12:04:56 UTC+2, Mik J via nginx <nginx@nginx.org> a écrit :
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv1129941585"><div><div style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;" class="yiv1129941585yahoo-style-wrap"><div dir="ltr">Hello,</div><div dir="ltr"><br></div><div dir="ltr">I use an application named Cacti and everything works well except the logout.php page</div><div dir="ltr"><br></div><div dir="ltr">So when I try to access</div><div dir="ltr">https://example.org/index.php</div><div dir="ltr">https://example.org/<span>graph_view.php</span></div><div dir="ltr">It works, code http is 200</div><div dir="ltr"><br></div><div dir="ltr">But when I access the logout.php page a page 404 is returned</div><div dir="ltr"><span>GET /logout.php HTTP/2.0</span></div><div dir="ltr"><br></div><div dir="ltr">For php pages I use this</div><div dir="ltr"><div dir="ltr"> location ~ \.php$ {<br> try_files $uri =450;<br> fastcgi_pass unix:/run/php-fpm.cacti.sock;<br> fastcgi_split_path_info ^(.+\.php)(/.+)$;<br> fastcgi_index index.php;<br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;<br> include fastcgi_params;<br> limit_except GET HEAD POST { deny all; }<br> }<br><div>So I would expect a 450 code</div><div><br></div><div dir="ltr">If I add this line <span>location = /logout.php { return 405; } </span>before that stanza, a 405 code is returned</div><div dir="ltr"><div> location = /logout.php { return 405; }<br> location ~ \.php$ {<br> try_files $uri =450;<br> fastcgi_pass unix:/run/php-fpm.cacti.sock;<br> fastcgi_split_path_info ^(.+\.php)(/.+)$;<br> fastcgi_index index.php;<br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;<br> include fastcgi_params;<br> limit_except GET HEAD POST { deny all; }<br> }<br><div>So it matches my location</div><div><br></div><div dir="ltr">My location <span>~ \.php$ { doesn't seem to mach when the logout.php page is accessed and I don't understand why</span></div><div dir="ltr"><br></div><div dir="ltr">Do you have any advice ?<br></div><div dir="ltr"><br></div><div dir="ltr">Thank you</div></div></div></div><div><br></div></div><div dir="ltr"><br></div></div></div></div>_______________________________________________<br>nginx mailing list -- <a ymailto="mailto:nginx@nginx.org" href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>To unsubscribe send an email to <a ymailto="mailto:nginx-leave@nginx.org" href="mailto:nginx-leave@nginx.org">nginx-leave@nginx.org</a><br></div>
</div>
</div></body></html>