Allow internal redirect to URI x, but deny external request for x?
J. Lewis Muir
jlmuir at imca-cat.org
Fri Aug 30 18:20:31 UTC 2019
On 08/30, J. Lewis Muir wrote:
> I initially tried using the alias directive which I thought was a better
> fit for what I wanted to do
>
> location /my-app/ {
> alias /srv/www/my-app/current/;
> index index.php;
> }
>
> location /my-app/current/ {
> return 404;
> }
>
> location /my-app/releases/ {
> return 404;
> }
>
> location ~ ^/my-app/(.*?[^/]\.php(?:/.*|$)) {
> alias /srv/www/my-app/current/$1;
> include php-fpm-realpath.conf;
> }
>
> But that didn't seem to work with the nginx FastCGI implementation.
What exactly didn't work when I tried the alias directive, based on the
error log, seems to be that somewhere there's a file op on
/srv/www/my-app/releases/1.0.2/index.php/my-app/index.php
which is a wrong path; it should be
/srv/www/my-app/releases/1.0.2/index.php
In my php-fpm-realpath.conf, I have
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $realpath_root$fastcgi_script_name) {
return 404;
}
...
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
...
I'm wondering if the fastcgi_split_path_info function or the if
directive is what's emitting the file op message in the error log which
would mean that one or both of $realpath_root or $fastcgi_script_name
are not set to what I expect. (?)
Here are the relevant lines from the error log with the debug option:
test location: "/my-app/"
test location: ~ "^/my-app/(.*?[^/]\.php(?:/.*|$))"
using configuration "/my-app/"
open index "/srv/www/my-app/current/index.php"
internal redirect: "/my-app/index.php?"
rewrite phase: 1
test location: "/my-app/"
test location: ~ "^/my-app/(.*?[^/]\.php(?:/.*|$))"
using configuration "^/my-app/(.*?[^/]\.php(?:/.*|$))"
rewrite phase: 3
http script complex value
http script copy: "/srv/www/my-app/current/"
http script capture: "index.php"
http script copy: "/srv/www/my-app/current/"
http script capture: "index.php"
http script var: "/srv/www/my-app/releases/1.0.2/index.php"
http script var: "/my-app/index.php"
http script copy: ""
http script var: "/my-app/index.php"
http script copy: ""
http script file op 0000000000000001 "/srv/www/my-app/releases/1.0.2/index.php/my-app/index.php"
http script if
http finalize request: 404, "/my-app/index.php?" a:1, c:2
http special response: 404, "/my-app/index.php?"
http set discard body
xslt filter header
HTTP/1.1 404 Not Found
Thank you!
Lewis
More information about the nginx
mailing list