1. 首页
  2. 问答
  3. [alibaba/tengine]tengine deny all 指令; http code 不一致!

[alibaba/tengine]tengine deny all 指令; http code 不一致!

2024-01-03 205 views
2
今天分析日志的时候发现浏览器响应403 访问日志存的是 200 环境 
Tengine version: Tengine/2.1.2 (nginx/1.6.2)
规则 
location ~ \.php$ {
    deny all; #禁止php
}
access.log 
61.146.153.20 - - [17/Jul/2016:16:30:33 +0800] "POST //weki.php HTTP/1.1" 200 250 "" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "
-" "-" - 0.000
61.146.153.20 - - [17/Jul/2016:16:30:34 +0800] "POST //data/data/index.php HTTP/1.1" 200 250 "" "Mozilla/4.0 (compatible; MSIE 9
.0; Windows NT 6.1)" "-" "-" - 0.000
61.146.153.20 - - [17/Jul/2016:16:30:34 +0800] "POST //data/conn/config.php HTTP/1.1" 200 250 "" "Mozilla/4.0 (compatible; MSIE
 9.0; Windows NT 6.1)" "-" "-" - 0.000
61.146.153.20 - - [17/Jul/2016:16:30:35 +0800] "POST //include/helperss/filter.helpear.php HTTP/1.1" 200 250 ""
"Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "-" "-" - 0.000
61.146.153.20 - - [17/Jul/2016:16:30:35 +0800] "POST //install/modurnlecscache.php HTTP/1.1" 200 250 "" "Mozilla/4.0 (co
mpatible; MSIE 9.0; Windows NT 6.1)" "-" "-" - 0.000
61.146.153.20 - - [17/Jul/2016:16:30:35 +0800] "POST //include/data/fonts/uddatasql.php HTTP/1.1" 200 250 "" "Mozil
la/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "-" "-" - 0.000
浏览器的到的响应 
BodyHeaders (5)
STATUS 403 Forbidden
TIME 38 ms

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
    <head>
        <title>403 Forbidden</title>
    </head>
    <body bgcolor="white">
        <h1>403 Forbidden</h1>
        <p>You don't have permission to access the URL on this server.
        <hr/>Powered by tengine
    </body>
</html>
疑惑

是bug吗?

zming619

回答

5
环境 
➜  nginx nginx -v
nginx version: nginx/1.6.2
➜  nginx
access.log 
127.0.0.1 - - [17/Jul/2016:19:02:08 +0800] "GET /php/thread.php HTTP/1.1" 403 570 "http://localhost/php/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36" "-"

nginx 下 http code 一致

zming619

1
  • 我尝试了下无法复现,能提供完整的配置?
  • 我怀疑是否是 POST的php请求没有进入到正确的server{}

chobits

8

现在环境已经变化,我之前PHP配置是这样的

server {
    ...
    # access php
    location ~ \.php$ {
        # run php
        location ~ /path/(a|b)\.php$ {
            include php7.run;
        }

        # deny php
        location ~ \.php$ {
            deny all;
        }
    }
}

zming619

 相关问题