PHP files being downloaded on condition

Igor Sysoev igor at sysoev.ru
Tue Aug 2 06:23:11 UTC 2011


On Tue, Aug 02, 2011 at 01:35:41AM -0400, Samael wrote:
> Hello, guys,
> 
> Another Apache convert here. My 3rd day with nginx and loving it.
> 
> I have a nginx + php-fpm setup. The problem is that nginx downloads the
> PHP scripts without being parsed instead of passing them to php-fpm - so
> far I have discovered that happening only with Chrome's 14.0.835
> (64bit), otherwise it works just fine; there is no difference whether
> php-fpm is running or not, so I think it is safe to assume that the
> scripts are not being passed to the backend at all. The relevant
> (hopefuly configuration):
> 
> 
>         location ~ \/[0-9a-zA-Z]+\.php$ {
>             try_files $uri =404;
>             fastcgi_split_path_info ^(.+\.php)(/.+)$;
>             include fastcgi_params;
>             fastcgi_index index.php;
>             fastcgi_param PATH_INFO $fastcgi_path_info;
>             fastcgi_param PATH_TRANSLATED
> $document_root$fastcgi_script_name;
>             fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
>             fastcgi_intercept_errors on;
>             if ($uri ~*
> \/(images?|system|download|upload|cache|logs?)\/(.*\/)?[0-9a-z]+\.php$)
> {
>                 return 404;
>             }
>             fastcgi_pass php-fpm;
>         }
> 
>         location /url/ {
>                 alias /dir/url/;
>                 index index.php;
> 
>                 if ($request_uri ~* \.(ico|css|js|gif|jpe?g|png)$) {
>                         expires 30d;
>                         break;
>                 }
>                 if (-f $request_filename) {
>                         break;
>                 }}
> 
> Any ideas? How can I prevent such things from happening, providing some
> failsafe, disallowing php files' download? I have so far come out with
> that, protecting only possible configuration files:
> 
>         location ~ (/\.|.*conf.*\.php) {
>             deny all;
>         }
> 
> But I would like a more generic approach, if possible.

Your .htaccess style configuration is not easy to understand.
Could you describe in words what you want to get ?


-- 
Igor Sysoev



More information about the nginx mailing list