Opened 12 years ago
Closed 12 years ago
#167 closed defect (invalid)
order of locations with regular expressions
Reported by: | openid.yandex.ru/dyadyamax | Owned by: | somebody |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-core | Version: | 1.2.x |
Keywords: | location | Cc: | |
uname -a: | |||
nginx -V: |
built by gcc 4.3.2 (Debian 4.3.2-1.1)
TLS SNI support enabled configure arguments: --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-openssl=/usr/src/openssl/openssl-1.0.1c |
Description
steps:
- setup 2 rules:
~
location ~ /\. { deny all; }
location ~* \.(php|pl|py)$ { include php-fpm_proxy; }
~
- send request "http://my_host/.z/foo"
- send request "http://my_host/.z/index.php"
expect to happen: both request result = 403 forbidden
actually happens:
- = 403 forbidden
- result of executed script
But your help has: "Then regular expressions are checked, in the order of their appearance in a configuration file. A search of regular expressions terminates on the first match, and the corresponding configuration is used."
http://nginx.org/en/docs/http/ngx_http_core_module.html#location
Change History (5)
comment:1 by , 12 years ago
comment:2 by , 12 years ago
here is all 'location's for my site:
location ~ /\. { include vhosts/subconf/allow_no_one; } location ^~ /tmp/!private/ { include vhosts/subconf/allow_no_one; } location ^~ /!x-zone/ { include vhosts/subconf/allow_admins; } location ^~ /pages/ { include vhosts/subconf/php-fpm_proxy; } location /direct/ { access_log off; } location /tmp/public/ { access_log off; } # deny from access to .ht*-files location ~ /\.ht[a-z]+$ { access_log off; deny all; } # direct access to images, css, javascript and archives location ~* /[^/]+\.(jpg|jpeg|gif|png|ico|css|bmp|swf|js|gz|zip|rar|txt|html|xml)$ { access_log off; } # direct access to scripts location ~* \.(php|pl|py|jsp|sh|bash|c|cgi)$ { include vhosts/subconf/php-fpm_proxy; } location / { include vhosts/subconf/php-fpm_proxy; }
comment:3 by , 12 years ago
Which requests do you use in actual testing? What's in logs for these requests? And again: it's really good idea to provide self-consistent config and logs produced with it, as show in my first reply.
comment:4 by , 12 years ago
You can close this ticket as bogus.
My mistake. On every change in config I did:
- nginx -t -c "new config"
- "kill -HUP", if previous was without errors.
First command, in my case, did not talk about any errors, but second did not reloaded config, because of errors... In result I always checked old config :/
Works ok here. Could you please provide *full* config to reproduce the problem? I.e. minimal self-consistent nginx.conf needed, something like this:
The above config correctly returns 403 for both "/.z/foo" and "/.z/index.php" requests here: