I got this error. Obviously I want to use ckfinder for file upload.
Access to the script '/var/www/example.com/public/admin/scripts/vendor/ckfinder
/core/connector/php' has been denied (see security.limit_extensions) while reading
response header from upstream, client: x.x.x.x, server:
example.com, request: "GET /admin/scripts/vendor/ckfinder/core/
connector/php/connector.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000",
host: "example.com"
I already set security.limit_extensions to .php. I've looked at Access denied (403) for PHP files with Nginx + PHP-FPM and I tried most of them (except the fix_pathinfo) with no luck. Until I notice the script path in the error message, the GET request from connector.php is in the php/ directory. I think the problem is nginx sees this directory name as script and tries to run it, not sure.
This is my nginx server block.
server {
listen 80;
root /var/www/example.com/public;
index index.html index.htm index.php app.php app_dev.php;
# Make site accessible from ...
server_name example.com;
access_log /var/log/nginx/example.com-access.log;
error_log /var/log/nginx/example.com-error.log error;
charset utf-8;
location / {
# try_files \$uri \$uri/ /app.php?\$query_string /index.php?\$query_string;
try_files $uri $uri/ /index.php?\$query_string;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location = /admin/scripts/vendor/ckfinder/core/connector/php/connector.php {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param LARA_ENV local; # Environment variable for Laravel
fastcgi_param HTTPS off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
# With php5-fpm:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param LARA_ENV local; # Environment variable for Laravel
fastcgi_param HTTPS off;
}
# Deny .htaccess file access
location ~ /\.ht {
deny all;
}
}
My question is how to instruct nginx to know that php/ is a path, not a script?
You have error in fastcgi_split_path_info directive. Regular expression .+.php will match these strings: at least 1 character, then any character, then text "php".
You need to escape the dot (\.), so it doesn't mean any character, but only the dot itself.
So the correct syntax should be:
fastcgi_split_path_info ^(.+\.php)(/.+)$;