rewrite rules cms phpwcms not working

Francis Daly francis at daoine.org
Tue Feb 24 20:37:58 UTC 2015


On Mon, Feb 23, 2015 at 01:51:41PM -0500, dansch8888 wrote:

Hi there,

> after some testing I use this rules now. These are working fine with my
> environment.

That's good to hear.

> location ^~ /config/phpwcms/	{ deny all; }
> location ^~ /filearchive/	{ deny all; }
> location ^~ /upload/	{ deny all; }
> location ~ /\. { access_log off; log_not_found off; deny all; }
> location / {
> 	try_files $uri @phpwcms;
> }
> location @phpwcms {
> 	fastcgi_pass unix:/var/run/php5-fpm/default.sock;
> 	include fastcgi_params;
> 	fastcgi_param SCRIPT_FILENAME $document_root/index.php;
> 	fastcgi_param QUERY_STRING $bit_of_qs&$query_string;
> }
> location ~* ^.+\.php$ { return 404; }

> I hope this rules will catch all the following needs.
> 1. Deny access to folders /config/phpwcms, /filearchive, /upload

Yes.

> 2. Deny all hidden files

Filenames that start with a dot, yes.

> 3. Rewrite /index.php...

I'm not sure what exactly you mean by that. A request for /file that
does not exist will be handled by the fastcgi server processing index.php.

> 4. Ignore and do not show any other php file at root folder or any other sub
> folder to the internet

*any* php request. So if you ask for /index.php directly, you will get 404.

> Is there something that should be improved?

If it shows what you want and hides what you want, it is probably right.

A minor thing is that the ^.+ in the final regex location is probably
unnecessary.

> One thing that is still happen is the following error message. No idea which
> "undefined constant Y" means.
> 
> **Nginx Error Log**
> [error] 2798#0: *14 FastCGI sent in stderr: "PHP message: PHP Notice:  Use
> of undefined constant Y - assumed 'Y' in
> /xxx/xxx/xxx/xxx/public_html/include/inc_front/front.func.inc.php(2287) :

That sounds like a php error. Does the same thing happen when the
application is run in its "native" environment of apache/mod_php? Or
in the apache/fastcgi environment? If not, you could investigate the
differences.

I suspect you're more likely to get useful on the application mailing list.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list