Php page returns 450

Mik J mikydevel at yahoo.fr
Sat Jul 23 20:17:33 UTC 2022 

 Hello,
After taking a rest I found the solution.
There was this directive placed a few lines beforelocation ~ /log { deny all; return 404; }
And the /logout.php page was marching that directive.
I have replaced it bylocation /log { deny all; return 404; }Which hopefully will help to protect access to anypage inside the /log directory.
Thank you
    Le samedi 23 juillet 2022 à 12:04:56 UTC+2, Mik J via nginx <nginx at nginx.org> a écrit :  
 
 Hello,
I use an application named Cacti and everything works well except the logout.php page
So when I try to accesshttps://example.org/index.phphttps://example.org/graph_view.phpIt works, code http is 200
But when I access the logout.php page a page 404 is returnedGET /logout.php HTTP/2.0
For php pages I use this   location ~ \.php$ {
            try_files           $uri =450;
            fastcgi_pass        unix:/run/php-fpm.cacti.sock;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index       index.php;
            fastcgi_param       SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include             fastcgi_params;
            limit_except        GET HEAD POST { deny all; }
   }
So I would expect a 450 code
If I add this line location = /logout.php { return 405; } before that stanza, a 405 code is returned   location = /logout.php { return 405; }
   location ~ \.php$ {
            try_files           $uri =450;
            fastcgi_pass        unix:/run/php-fpm.cacti.sock;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index       index.php;
            fastcgi_param       SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include             fastcgi_params;
            limit_except        GET HEAD POST { deny all; }
   }
So it matches my location
My location ~ \.php$ { doesn't seem to mach when the logout.php page is accessed and I don't understand why
Do you have any advice ?

Thank you

_______________________________________________
nginx mailing list -- nginx at nginx.org
To unsubscribe send an email to nginx-leave at nginx.org
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220723/2058bd95/attachment.htm>

More information about the nginx mailing list