• 技术文章 >后端开发 >PHP问题

    nginx php403错误怎么解决

    藏色散人藏色散人2022-11-23 09:59:54原创100

    nginx php403错误的解决办法:1、修改文件权限或开启selinux;2、修改php-fpm.conf,加入需要的文件扩展名;3、修改php.ini内容为“cgi.fix_pathinfo = 0”;4、重启php-fpm即可。

    php入门到就业线上直播课:进入学习

    本教程操作环境:linux5.9.8系统、PHP8.1版、Dell G3电脑。

    nginx php403错误怎么解决?

    nginx + php 403 原因分析

    问题:

    配置的网站,访问出现报错:Access Denied (403)

    常见解决方法:

    1、文件权限问题

    可能是文件权限问题,没有读权限。

    或者selinux没有关闭。

    2、security.limit_extensions

    查看nginx的错误日志error.log,发现有如下错误:

    2016/07/07 10:20:13 [error] 17710#0: *2145 FastCGI sent in stderr: "Access to the script '/home/www/game/10313156.html' has been denied (see security.limi
    t_extensions)" while reading response header from......

    从5.3.9开始,php官方加入了一个配置"security.limit_extensions",默认只允许执行扩展名为".php"的文件,造成了其他类型的文件不支持的问题。

    官方说明 :

    ; Limits the extensions of the main script FPM will allow to parse. This can
    ; prevent configuration mistakes on the web server side. You should only limit
    ; FPM to .php extensions to prevent malicious users to use other extensions to
    ; exectute php code.
    ; Note: set an empty value to allow all extensions.
    ; Default Value: .php
    ;security.limit_extensions = .php .php3 .php4 .php5

    修改php-fpm.conf:(加入需要的文件扩展名)

    security.limit_extensions = .php .html .js .css .jpg .jpeg .gif .png .htm

    3、cgi.fix_pathinfo

    通过这种url访问,显示Acess denied 错误。

    nginx错误日志:

    2016/07/08 09:47:12 [error] 24297#0: *3348 FastCGI sent in stderr: "Access to the script '/home/www/home.php/game/qr' has been denied (see security.limit_extensions)" while reading response header......

    修改php.ini :(cgi.fix_pathinfo 默认为1 )

    cgi.fix_pathinfo = 1

    官方说明 :

    ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
    ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
    ; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
    ; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
    ; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
    ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
    ; http://php.net/cgi.fix-pathinfo

    其实cgi.fix_pathinfo = 1 会引发文件类型错误解析漏洞,建议是设置 cgi.fix_pathinfo = 0 。

    ( 关于漏洞的理解:

      当cgi.fix_pathinfo=1时,访问路径:/foo.jpg/file.php ,如果file.php文件不存在,则php解析器会试图猜测你要执行哪个文件,沿着路径往回找。如果foo.jpg存在, 并且包含php代码,php解析器就会去执行foo.jpg 。

      当cgi.fix_pathinfo=0时,PHP 解释器仅尝试给出的路径,如果文件没有找到就停止处理。

    )

    但将 cgi.fix_pathinfo = 0 ,可能会导致很多MVC框架(如ThinkPHP)无法正常运行。

    4、

    在php.ini上设置了:open_basedir=/home:/tmp/:/proc/

    重启php-fpm

    访问网页,按ctrl + F5频繁刷新的时候,会报 Access Denied错误。Access Denied是偶尔才会出现,不是一直403 。

    nginx错误日志记录:

    2016/07/09 08:32:40 [error] 26954#0: *2127721 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: open_basedir restriction in effect. File(/home/www/touch/web/index.php) is not within the allowed path(s): (/home/wwwroot:/tmp/:/proc/) in Unknown on line 0
    PHP message: PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0
    Unable to open primary script: /home/www/touch/web/index.php (Permission denied)" while reading response header from upstream, client: 117.136.1.22, server: test.hjq.com, request: "GET /index.php?c=Zs&a=getcontent HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "test.hjq.com"

    2、In your nginx config file set fastcgi_pass to your socket address (e.g. unix:/var/run/php-fpm/php-fpm.sock;) instead of your server address and port.
    3、Check your SCRIPT_FILENAME fastcgi param and set it according to the location of your files.
    4、In your nginx config file include fastcgi_split_path_info ^(.+\.php)(/.+)$; in the location block where all the other fastcgi params are defined.

    推荐学习:《PHP视频教程

    以上就是nginx php403错误怎么解决的详细内容,更多请关注php中文网其它相关文章!

    声明:本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn核实处理。

    前端(VUE)零基础到就业课程:点击学习

    清晰的学习路线+老师随时辅导答疑

    自己动手写 PHP MVC 框架:点击学习

    快速了解MVC架构、了解框架底层运行原理

    专题推荐:nginx php
    上一篇:kail怎么安装php 下一篇:自己动手写 PHP MVC 框架(40节精讲/巨细/新人进阶必看)

    相关文章推荐

    • ❤️‍🔥共22门课程,总价3725元,会员免费学• ❤️‍🔥接口自动化测试不想写代码?• phpmyadmin出现403错误怎么办?• PHP下打开phpMyAdmin出现403错误怎么办• phpstudy V8 报403错误怎么办• php中403是什么报错
    1/1

    PHP中文网