Hello,
After taking a rest I found the solution.
There was this directive placed a few lines beforelocation ~ /log { deny all;
return 404; }
And the /logout.php page was marching that directive.
I have replaced it bylocation /log { deny all; return 404; }Which hopefully
will help to protect access to anypage inside the /log directory.
Thank you
Le samedi 23 juillet 2022 à 12:04:56 UTC+2, Mik J via nginx
<nginx@nginx.org> a écrit :
Hello,
I use an application named Cacti and everything works well except the
logout.php page
So when I try to
accesshttps://example.org/index.phphttps://example.org/graph_view.phpIt works,
code http is 200
But when I access the logout.php page a page 404 is returnedGET /logout.php
HTTP/2.0
For php pages I use this location ~ \.php$ {
try_files $uri =450;
fastcgi_pass unix:/run/php-fpm.cacti.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
limit_except GET HEAD POST { deny all; }
}
So I would expect a 450 code
If I add this line location = /logout.php { return 405; } before that stanza, a
405 code is returned location = /logout.php { return 405; }
location ~ \.php$ {
try_files $uri =450;
fastcgi_pass unix:/run/php-fpm.cacti.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
limit_except GET HEAD POST { deny all; }
}
So it matches my location
My location ~ \.php$ { doesn't seem to mach when the logout.php page is
accessed and I don't understand why
Do you have any advice ?
Thank you
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org
