nginx php403错误的解决办法:1、修改文件权限或开启selinux;2、修改php-fpm.conf,加入需要的文件扩展名;3、修改php.ini内容为“cgi.fix_pathinfo = 0”;4、重启php-fpm即可。
本教程操作环境:linux5.9.8系统、php8.1版、dell g3电脑。
nginx php403错误怎么解决?
nginx + php 403 原因分析
问题:
配置的网站,访问出现报错:access denied (403)
常见解决方法:
1、文件权限问题
可能是文件权限问题,没有读权限。
或者selinux没有关闭。
2、security.limit_extensions
查看nginx的错误日志error.log,发现有如下错误:
2016/07/07 10:20:13 [error] 17710#0: *2145 fastcgi sent in stderr: "access to the script '/home/www/game/10313156.html' has been denied (see security.limit_extensions)" while reading response header from......
从5.3.9开始,php官方加入了一个配置"security.limit_extensions",默认只允许执行扩展名为".php"的文件,造成了其他类型的文件不支持的问题。
官方说明 :
; limits the extensions of the main script fpm will allow to parse. this can; prevent configuration mistakes on the web server side. you should only limit; fpm to .php extensions to prevent malicious users to use other extensions to; exectute php code.; note: set an empty value to allow all extensions.; default value: .php;security.limit_extensions = .php .php3 .php4 .php5
修改php-fpm.conf:(加入需要的文件扩展名)
security.limit_extensions = .php .html .js .css .jpg .jpeg .gif .png .htm
3、cgi.fix_pathinfo
通过这种url访问,显示acess denied 错误。
nginx错误日志:
2016/07/08 09:47:12 [error] 24297#0: *3348 fastcgi sent in stderr: "access to the script '/home/www/home.php/game/qr' has been denied (see security.limit_extensions)" while reading response header......
修改php.ini :(cgi.fix_pathinfo 默认为1 )
cgi.fix_pathinfo = 1
官方说明 :
; cgi.fix_pathinfo provides *real* path_info/path_translated support for cgi. php's; previous behaviour was to set path_translated to script_filename, and to not grok; what path_info is. for more information on path_info, see the cgi specs. setting; this to 1 will cause php cgi to fix its paths to conform to the spec. a setting; of zero causes php to behave as before. default is 1. you should fix your scripts; to use script_filename rather than path_translated.; http://php.net/cgi.fix-pathinfo
其实cgi.fix_pathinfo = 1 会引发文件类型错误解析漏洞,建议是设置 cgi.fix_pathinfo = 0 。
( 关于漏洞的理解:
当cgi.fix_pathinfo=1时,访问路径:/foo.jpg/file.php ,如果file.php文件不存在,则php解析器会试图猜测你要执行哪个文件,沿着路径往回找。如果foo.jpg存在, 并且包含php代码,php解析器就会去执行foo.jpg 。
当cgi.fix_pathinfo=0时,php 解释器仅尝试给出的路径,如果文件没有找到就停止处理。
)
但将 cgi.fix_pathinfo = 0 ,可能会导致很多mvc框架(如thinkphp)无法正常运行。
4、
在php.ini上设置了:open_basedir=/home:/tmp/:/proc/
重启php-fpm
访问网页,按ctrl + f5频繁刷新的时候,会报 access denied错误。access denied是偶尔才会出现,不是一直403 。
nginx错误日志记录:
2016/07/09 08:32:40 [error] 26954#0: *2127721 fastcgi sent in stderr: "php message: php warning: unknown: open_basedir restriction in effect. file(/home/www/touch/web/index.php) is not within the allowed path(s): (/home/wwwroot:/tmp/:/proc/) in unknown on line 0php message: php warning: unknown: failed to open stream: operation not permitted in unknown on line 0unable to open primary script: /home/www/touch/web/index.php (permission denied)" while reading response header from upstream, client: 117.136.1.22, server: test.hjq.com, request: "get /index.php?c=zs&a=getcontent http/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "test.hjq.com"
2、in your nginx config file set fastcgi_pass to your socket address (e.g. unix:/var/run/php-fpm/php-fpm.sock;) instead of your server address and port.3、check your script_filename fastcgi param and set it according to the location of your files.4、in your nginx config file include fastcgi_split_path_info ^(.+\.php)(/.+)$; in the location block where all the other fastcgi params are defined.
推荐学习:《php视频教程》
以上就是nginx php403错误怎么解决的详细内容。