Allow internal redirect to URI x, but deny external request for x?

J. Lewis Muir jlmuir at imca-cat.org
Fri Aug 30 18:20:31 UTC 2019


On 08/30, J. Lewis Muir wrote:
> I initially tried using the alias directive which I thought was a better
> fit for what I wanted to do
> 
>   location /my-app/ {
>     alias /srv/www/my-app/current/;
>     index index.php;
>   }
> 
>   location /my-app/current/ {
>     return 404;
>   }
> 
>   location /my-app/releases/ {
>     return 404;
>   }
> 
>   location ~ ^/my-app/(.*?[^/]\.php(?:/.*|$)) {
>     alias /srv/www/my-app/current/$1;
>     include php-fpm-realpath.conf;
>   }
> 
> But that didn't seem to work with the nginx FastCGI implementation.

What exactly didn't work when I tried the alias directive, based on the
error log, seems to be that somewhere there's a file op on

  /srv/www/my-app/releases/1.0.2/index.php/my-app/index.php

which is a wrong path; it should be

  /srv/www/my-app/releases/1.0.2/index.php

In my php-fpm-realpath.conf, I have

  fastcgi_split_path_info ^(.+?\.php)(/.*)$;
  if (!-f $realpath_root$fastcgi_script_name) {
    return 404;
  }
  ...
  fastcgi_param DOCUMENT_ROOT $realpath_root;
  fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
  ...

I'm wondering if the fastcgi_split_path_info function or the if
directive is what's emitting the file op message in the error log which
would mean that one or both of $realpath_root or $fastcgi_script_name
are not set to what I expect. (?)

Here are the relevant lines from the error log with the debug option:

  test location: "/my-app/"
  test location: ~ "^/my-app/(.*?[^/]\.php(?:/.*|$))"
  using configuration "/my-app/"
  open index "/srv/www/my-app/current/index.php"
  internal redirect: "/my-app/index.php?"
  rewrite phase: 1
  test location: "/my-app/"
  test location: ~ "^/my-app/(.*?[^/]\.php(?:/.*|$))"
  using configuration "^/my-app/(.*?[^/]\.php(?:/.*|$))"
  rewrite phase: 3
  http script complex value
  http script copy: "/srv/www/my-app/current/"
  http script capture: "index.php"
  http script copy: "/srv/www/my-app/current/"
  http script capture: "index.php"
  http script var: "/srv/www/my-app/releases/1.0.2/index.php"
  http script var: "/my-app/index.php"
  http script copy: ""
  http script var: "/my-app/index.php"
  http script copy: ""
  http script file op 0000000000000001 "/srv/www/my-app/releases/1.0.2/index.php/my-app/index.php"
  http script if
  http finalize request: 404, "/my-app/index.php?" a:1, c:2
  http special response: 404, "/my-app/index.php?"
  http set discard body
  xslt filter header
  HTTP/1.1 404 Not Found

Thank you!

Lewis


More information about the nginx mailing list