Opened 13 years ago
Closed 13 years ago
#167 closed defect (invalid)
order of locations with regular expressions
| Reported by: | openid.yandex.ru/dyadyamax | Owned by: | somebody |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-core | Version: | 1.2.x |
| Keywords: | location | Cc: | |
| uname -a: | |||
| nginx -V: |
built by gcc 4.3.2 (Debian 4.3.2-1.1)
TLS SNI support enabled configure arguments: --prefix=/opt/nginx --with-http_ssl_module --with-http_gzip_static_module --with-openssl=/usr/src/openssl/openssl-1.0.1c |
||
Description
steps:
- setup 2 rules:
~
location ~ /\. { deny all; }
location ~* \.(php|pl|py)$ { include php-fpm_proxy; }
~
- send request "http://my_host/.z/foo"
- send request "http://my_host/.z/index.php"
expect to happen: both request result = 403 forbidden
actually happens:
- = 403 forbidden
- result of executed script
But your help has: "Then regular expressions are checked, in the order of their appearance in a configuration file. A search of regular expressions terminates on the first match, and the corresponding configuration is used."
http://nginx.org/en/docs/http/ngx_http_core_module.html#location
Change History (5)
comment:1 by , 13 years ago
comment:2 by , 13 years ago
here is all 'location's for my site:
location ~ /\. { include vhosts/subconf/allow_no_one; }
location ^~ /tmp/!private/ { include vhosts/subconf/allow_no_one; }
location ^~ /!x-zone/ { include vhosts/subconf/allow_admins; }
location ^~ /pages/ { include vhosts/subconf/php-fpm_proxy; }
location /direct/ { access_log off; }
location /tmp/public/ { access_log off; }
# deny from access to .ht*-files
location ~ /\.ht[a-z]+$ {
access_log off;
deny all;
}
# direct access to images, css, javascript and archives
location ~* /[^/]+\.(jpg|jpeg|gif|png|ico|css|bmp|swf|js|gz|zip|rar|txt|html|xml)$ {
access_log off;
}
# direct access to scripts
location ~* \.(php|pl|py|jsp|sh|bash|c|cgi)$ {
include vhosts/subconf/php-fpm_proxy;
}
location / {
include vhosts/subconf/php-fpm_proxy;
}
comment:3 by , 13 years ago
Which requests do you use in actual testing? What's in logs for these requests? And again: it's really good idea to provide self-consistent config and logs produced with it, as show in my first reply.
comment:4 by , 13 years ago
You can close this ticket as bogus.
My mistake. On every change in config I did:
- nginx -t -c "new config"
- "kill -HUP", if previous was without errors.
First command, in my case, did not talk about any errors, but second did not reloaded config, because of errors... In result I always checked old config :/
Works ok here. Could you please provide *full* config to reproduce the problem? I.e. minimal self-consistent nginx.conf needed, something like this:
events {} http { server { listen 8080; location ~ /\. { deny all; } location ~* \.(php|pl|py)$ { return 200 "php"; } } }The above config correctly returns 403 for both "/.z/foo" and "/.z/index.php" requests here: