500 Internal Server Error
maxim88
nginx-forum at nginx.us
Fri Jan 30 10:09:25 UTC 2015
Добрый день!
Есть два вида ссылок:
http://domen.ly/tds/0d25 - nginx отдает 500 Internal Server Error
http://domen.ly/tds/?0d25 - такую ссылку обрабатывает корректно
Подскажите, где ошибка в конфиге и что нужно добавить-убрать, чтобы ссылка
http://domen.ly/tds/0d25 обрабатывалась без ошибок?
--------
server {
server_name domen.ly www.domen.ly;
listen 198.198.198.198;
port_in_redirect off;
server_tokens off;
autoindex off;
client_max_body_size 15m;
client_body_buffer_size 128k;
root /var/www/www.domen.ly/html/;
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
# Define default caching of 24h
expires 3600s;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
# deliver a static 404
error_page 404 /404.html;
location /404.html {
internal;
}
# Deliver 404 instead of 403 "Forbidden"
error_page 403 = 404;
# Do not allow access to files giving away your WordPress version
location ~ /(\.|wp-config.php|readme.html|licence.txt) {
return 404;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Don't log robots.txt requests
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Rewrite for versioned CSS+JS via filemtime
location ~* ^.+\.(css|js)$ {
rewrite ^(.+)\.(\d+)\.(css|js)$ $1.$3 last;
expires 31536000s;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
}
# Aggressive caching for static files
# If you alter static files often, please use
# add_header Cache-Control "max-age=31536000, public, must-revalidate,
proxy-revalidate";
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires 31536000s;
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
}
# pass PHP scripts to Fastcgi listening on Unix socket
# Do not process them if inside WP uploads directory
# If using Multisite or a custom uploads directory,
# please set the */uploads/* directory in the regex below
location ~* (^(?!(?:(?!(php|inc)).)*/uploads/).*?(php)) {
try_files $uri = 404;
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
}
# Deny access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# block-exploits-sql-injections-file-injections-spam-user-agents-etc
## Block SQL injections
set $block_sql_injections 0;
if ($query_string ~ "union.*select.*\(") {
set $block_sql_injections 1;
}
if ($query_string ~ "union.*all.*select.*") {
set $block_sql_injections 1;
}
if ($query_string ~ "concat.*\(") {
set $block_sql_injections 1;
}
if ($block_sql_injections = 1) {
return 403;
}
## Block file injections
set $block_file_injections 0;
if ($query_string ~ "[a-zA-Z0-9_]=http://") {
set $block_file_injections 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
set $block_file_injections 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
set $block_file_injections 1;
}
if ($block_file_injections = 1) {
return 403;
}
## Block common exploits
set $block_common_exploits 0;
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
set $block_common_exploits 1;
}
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "proc/self/environ") {
set $block_common_exploits 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
set $block_common_exploits 1;
}
if ($query_string ~ "base64_(en|de)code\(.*\)") {
set $block_common_exploits 1;
}
if ($block_common_exploits = 1) {
return 403;
}
}
Posted at Nginx Forum: http://forum.nginx.org/read.php?21,256357,256357#msg-256357
Подробная информация о списке рассылки nginx-ru