PHP files being downloaded on condition
Igor Sysoev
igor at sysoev.ru
Tue Aug 2 06:23:11 UTC 2011
On Tue, Aug 02, 2011 at 01:35:41AM -0400, Samael wrote:
> Hello, guys,
>
> Another Apache convert here. My 3rd day with nginx and loving it.
>
> I have a nginx + php-fpm setup. The problem is that nginx downloads the
> PHP scripts without being parsed instead of passing them to php-fpm - so
> far I have discovered that happening only with Chrome's 14.0.835
> (64bit), otherwise it works just fine; there is no difference whether
> php-fpm is running or not, so I think it is safe to assume that the
> scripts are not being passed to the backend at all. The relevant
> (hopefuly configuration):
>
>
> location ~ \/[0-9a-zA-Z]+\.php$ {
> try_files $uri =404;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> include fastcgi_params;
> fastcgi_index index.php;
> fastcgi_param PATH_INFO $fastcgi_path_info;
> fastcgi_param PATH_TRANSLATED
> $document_root$fastcgi_script_name;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> fastcgi_intercept_errors on;
> if ($uri ~*
> \/(images?|system|download|upload|cache|logs?)\/(.*\/)?[0-9a-z]+\.php$)
> {
> return 404;
> }
> fastcgi_pass php-fpm;
> }
>
> location /url/ {
> alias /dir/url/;
> index index.php;
>
> if ($request_uri ~* \.(ico|css|js|gif|jpe?g|png)$) {
> expires 30d;
> break;
> }
> if (-f $request_filename) {
> break;
> }}
>
> Any ideas? How can I prevent such things from happening, providing some
> failsafe, disallowing php files' download? I have so far come out with
> that, protecting only possible configuration files:
>
> location ~ (/\.|.*conf.*\.php) {
> deny all;
> }
>
> But I would like a more generic approach, if possible.
Your .htaccess style configuration is not easy to understand.
Could you describe in words what you want to get ?
--
Igor Sysoev
More information about the nginx
mailing list