0

I currently have setup an Nginx location block that matches a uri if and only if it starts and ends with /auth/test.php. The only match would be http://host/auth/test.php.

location  ~ ^/auth/test\.php$ {

        # Use try files or the if statement below. try_files is preferred
        # If the original URI ($uri) does not resolve into an existing file or directory, a 404 error is returned
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$; #

        fastcgi_param USERNAME $arg_username;
        fastcgi_param PASSWORD $arg_password;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include fastcgi_params;
}

My understanding is that query parameters don't play a role when Nginx tries to match a location block. My script, test.php, is processed when uri is of the form http://host/auth/test.php?username=blah&password=blah. However, if I try a uri without the query parameters (http://host/auth/test.php) the script test.php gets downloaded by whomever requested it which isn't ideal. Is there a way in having Nginx not process this type of uri request? I thought the try_files directive would take care of this case but apparently not. Thanks.

Ivan Shatsky
  • 2,726
  • 2
  • 7
  • 19
Malanie
  • 5
  • 2
  • Try `fastcgi_split_path_info ^(.+\.php)($|/.*);` instead. – Ivan Shatsky Jun 23 '20 at 03:56
  • I tried your suggestion but it still did not work. When I accesshttp://host/auth/test.php the browser immediately downloads test.php instead of processing the php script. – Malanie Jun 23 '20 at 06:47
  • @IvanShatsky It was a browser cache issue. I believe your regular expression would have worked too. – Malanie Jun 24 '20 at 04:37

2 Answers2

0

First of all, your regular expression is an exact match for a URI string. So use NGINX's exact (non-regular) matching instead. This will also take care of ensuring highest priority:

location = /auth/test.php {

Next, you don't seem to be requiring the URLs of type /auth/test.php/foo for forwarding to different PHP files. So get rid of fastcgi_split_path_info completely.

The actual /auth/test.php script is the one handling the request. So simply put its name in fastcgi directives:

fastcgi_param SCRIPT_FILENAME $document_root/auth/test.php;

Lastly, the try_files $uri =404; is irrelevant and may cause more trouble. You already know the file is there, you don't need additional stat system calls to check for its existence.

So the complete snippet could be:

location = /auth/test.php {
    fastcgi_param USERNAME $arg_username;
    fastcgi_param PASSWORD $arg_password;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root/auth/test.php;
    include fastcgi_params;
}
Danila Vershinin
  • 5,286
  • 5
  • 17
  • 21
0

First you have to use "=" if you want an exact match for the URI string.

location = /auth/test.php {

And for the .php to process, the location must be something like this:

location /auth/test.php {
   fastcgi_param SCRIPT_FILENAME $request_filename;
   include fastcgi_params;
}

Those two lines allow PHP to be processed regardless of the version of PHP.

Luis13
  • 29
  • 2