nginx php403錯誤怎麼解決

nginx php403錯誤的解決方法：1、修改檔案權限或開啟selinux；2、修改php-fpm.conf，加入所需的檔案副檔名；3、修改php.ini內容為「cgi.fix_pathinfo = 0”；4、重啟php-fpm即可。

本教學操作環境：linux5.9.8系統、PHP8.1版、Dell G3電腦。

nginx php403錯誤怎麼解決？

nginx php 403 原因分析

 

問題：

設定的網站，存取出現錯誤：Access Denied (403) 

 

常見解決方法:

1、檔案權限問題

可能是檔案權限問題，沒有讀取權限。

或selinux沒有關閉。

 

2、security.limit_extensions

#查看nginx的錯誤日誌error.log，發現有下列錯誤：

2016/07/07 10:20:13 [error] 17710#0: *2145 FastCGI sent in stderr: "Access to the script '/home/www/game/10313156.html' has been denied (see security.limi
t_extensions)" while reading response header from......

從5.3.9開始， php官方加入了一個配置"security.limit_extensions"，預設只允許執行擴展名為".php"的文件，造成了其他類型的文件不支援的問題。

官方說明：

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5

修改php-fpm.conf：（加入需要的檔案副檔名）

security.limit_extensions = .php .html .js .css .jpg .jpeg .gif .png .htm

 

3、cgi.fix_pathinfo

透過這種url訪問，顯示Acess denied 錯誤。

nginx錯誤日誌：

2016/07/08 09:47:12 [error] 24297#0: *3348 FastCGI sent in stderr: "Access to the script '/home/www/home.php/game/qr' has been denied (see security.limit_extensions)" while reading response header......

 

修改php.ini ：（cgi.fix_pathinfo 預設為1 ）

cgi.fix_pathinfo = 1

官方說明：

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo

其實cgi.fix_pathinfo = 1 會引發檔案類型錯誤解析漏洞，建議是設定cgi.fix_pathinfo = 0 。

( 關於漏洞的理解：

　　當cgi.fix_pathinfo=1時，存取路徑：/foo.jpg/file.php ，如果file.php檔案不存在，則php解析器會試著猜測你要執行哪個文件，沿著路徑往回找。如果foo.jpg存在，並且包含php程式碼，php解析器就會去執行foo.jpg 。

　　當cgi.fix_pathinfo=0時，PHP 解釋器僅嘗試給出的路徑，如果檔案沒有找到就停止處理。

)

但將cgi.fix_pathinfo = 0 ，可能會導致很多MVC框架（如ThinkPHP ）無法正常運作。

 

 4、

在php.ini設定了：open_basedir=/home:/tmp/:/proc/

重啟php-fpm

造訪網頁，按ctrl F5頻繁刷新的時候，會報Access Denied錯誤。 Access Denied是偶爾才會出現，而且不是一直403 。

nginx錯誤日誌記錄：

2016/07/09 08:32:40 [error] 26954#0: *2127721 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: open_basedir restriction in effect. File(/home/www/touch/web/index.php) is not within the allowed path(s): (/home/wwwroot:/tmp/:/proc/) in Unknown on line 0
PHP message: PHP Warning:  Unknown: failed to open stream: Operation not permitted in Unknown on line 0
Unable to open primary script: /home/www/touch/web/index.php (Permission denied)" while reading response header from upstream, client: 117.136.1.22, server: test.hjq.com, request: "GET /index.php?c=Zs&a=getcontent HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "test.hjq.com"

 

 

2、In your nginx config file set fastcgi_pass to your socket address (e.g. unix:/var/run/php-fpm/php-fpm.sock;) instead of your server address and port.
3、Check your SCRIPT_FILENAME fastcgi param and set it according to the location of your files.
4、In your nginx config file include fastcgi_split_path_info ^(.+\.php)(/.+)$; in the location block where all the other fastcgi params are defined.

推薦學習：《PHP影片教學》

以上是nginx php403錯誤怎麼解決的詳細內容。更多資訊請關注PHP中文網其他相關文章！