Hello, guys,
Another Apache convert here. My 3rd day with nginx and loving it.
I have an nginx + php-fpm setup. The problem is that nginx downloads the
PHP scripts without being parsed instead of passing them to php-fpm - so
far I have discovered that happening only with Chrome’s 14.0.835
(64bit), otherwise it works just fine; there is no difference whether
php-fpm is running or not, so I think it is safe to assume that the
scripts are not being passed to the backend at all. The relevant
(hopefully) configuration:

location ~ \/[0-9a-zA-Z]+\.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_intercept_errors on;
    if ($uri ~* /(images?|system|download|upload|cache|logs?)/(.*/)?[0-9a-z]+.php$) {
        return 404;
    }
    fastcgi_pass php-fpm;
}

location /url/ {
    alias /dir/url/;
    index index.php;
    if ($request_uri ~* \.(ico|css|js|gif|jpe?g|png)$) {
        expires 30d;
        break;
    }
    if (-f $request_filename) {
        break;
    }
}

Any ideas? How can I prevent such things from happening, providing some
failsafe, disallowing php files’ download? I have so far come out with
that, protecting only possible configuration files:

location ~ (/\.|.*conf.*\.php) {
    deny all;
}

But I would like a more generic approach, if possible.
Thank you for your time.
Posted at Nginx Forum:
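
An added example, not part of the original post: a Python sketch that replays the two regex locations quoted above against constructed sample URIs, to show which `.php` paths neither location catches and which therefore fall through to a prefix location such as `/url/` and are sent as plain files. It assumes the regex locations are evaluated in the order shown, uses Python's `re` in place of nginx's PCRE, and the names `classify` and `exposed_php` are hypothetical.

```python
import re

# Regex locations quoted in the post, in the order shown there (assumed to be
# the order nginx sees them). nginx "~" is case-sensitive, like Python's default.
REGEX_LOCATIONS = [
    ("php-fpm", re.compile(r"\/[0-9a-zA-Z]+\.php$")),
    ("deny", re.compile(r"(/\.|.*conf.*\.php)")),
]
# The "if ($uri ~* ...) { return 404; }" guard inside the PHP location.
BLOCKED_DIRS = re.compile(
    r"/(images?|system|download|upload|cache|logs?)/(.*/)?[0-9a-z]+.php$", re.I
)

# Constructed sample request URIs (not taken from the post).
SAMPLE_URIS = [
    "/url/index.php",
    "/url/config.php?x=1",
    "/upload/a1.php",
    "/url/db_config.php",
    "/url/my-page.php",
    "/url/index.PHP",
    "/url/style.css",
]


def classify(uri):
    """Return which handler a URI reaches: php-fpm, 404, deny or static."""
    path = uri.split("?", 1)[0]  # locations are matched without the query string
    for name, pattern in REGEX_LOCATIONS:
        if pattern.search(path):  # first matching regex location wins
            if name == "php-fpm" and BLOCKED_DIRS.search(path):
                return "404"
            return name
    # No regex location matched: a prefix location such as /url/ serves the file.
    return "static"


def exposed_php(uris):
    """List URIs naming a .php file that would be served as a static file."""
    return [
        u for u in uris
        if u.split("?", 1)[0].lower().endswith(".php") and classify(u) == "static"
    ]


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{classify(uri):8} {uri}")
    print("served as plain files:", exposed_php(SAMPLE_URIS))
```

Any path in the final list is one that a generic failsafe rule would have to cover.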