Php page returns 450
Mik J
mikydevel at yahoo.fr
Sat Jul 23 20:17:33 UTC 2022
Hello,
After taking a rest I found the solution.
There was this directive placed a few lines beforelocation ~ /log { deny all; return 404; }
And the /logout.php page was marching that directive.
I have replaced it bylocation /log { deny all; return 404; }Which hopefully will help to protect access to anypage inside the /log directory.
Thank you
Le samedi 23 juillet 2022 à 12:04:56 UTC+2, Mik J via nginx <nginx at nginx.org> a écrit :
Hello,
I use an application named Cacti and everything works well except the logout.php page
So when I try to accesshttps://example.org/index.phphttps://example.org/graph_view.phpIt works, code http is 200
But when I access the logout.php page a page 404 is returnedGET /logout.php HTTP/2.0
For php pages I use this location ~ \.php$ {
try_files $uri =450;
fastcgi_pass unix:/run/php-fpm.cacti.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
limit_except GET HEAD POST { deny all; }
}
So I would expect a 450 code
If I add this line location = /logout.php { return 405; } before that stanza, a 405 code is returned location = /logout.php { return 405; }
location ~ \.php$ {
try_files $uri =450;
fastcgi_pass unix:/run/php-fpm.cacti.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
limit_except GET HEAD POST { deny all; }
}
So it matches my location
My location ~ \.php$ { doesn't seem to mach when the logout.php page is accessed and I don't understand why
Do you have any advice ?
Thank you
_______________________________________________
nginx mailing list -- nginx at nginx.org
To unsubscribe send an email to nginx-leave at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220723/2058bd95/attachment.htm>
More information about the nginx
mailing list