Changes between Version 1 and Version 2 of Ticket #1223, comment 2
Timestamp: 03/21/17 15:52:46 (8 years ago)
Ticket #1223, comment 2
You seem to misunderstand the problem here. It doesn't matter that it's a PHP script that is being executed; it could be any file. The problem is the combination of a try_files fallback in combination with resolving the error pages, which did not exist. nginx will ignore the deny all; statement when resolving for the error pages, thus falling back to index.php in my example, as configured by try_files. But again: this could be any file, and that file would be delivered with a 404 response code, despite nginx being instructed to deny access.

A request timeline (which might not be correct 100%, as I don't know the nginx source code - this is just what I figured out from debugging this):

1) GET /internal/ => 403, via deny all
2) GET /errorpage/403.html => 404, so via try_files try next:
3) GET /errorpage/403.html/ => 404, so via try_files try next:
4) GET /index.php => exists, but is returned with 404 status code