Welcome to Centmin Mod Community
Register Now

Access denied for statistics pages

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Investrum, Jul 5, 2019.

  1. Investrum

    Investrum New Member

    7
    1
    3
    Jun 19, 2019
    Ratings:
    +3
    Local Time:
    10:31 PM
    1.17.0
    MariaDB 10.3.16
    I can not understand what could be the problem. I can not access to statistics pages: PHP Opcode and Memcached statistics pages

    I get "Access denied" when trying to open any page.
     
  2. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:31 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    which specific statistics pages you trying to access ? do you get any username/password prompts on any of them ? as some are username/password protected - the details would be shown on initial centmin mod install as well as in install log saved in /root/centminlogs as well as within the file you are trying to access itself i.e. memcached and php info pages located in /usr/local/nginx/html/ directory which is web root for main hostname of server.
     
    • Like Like x 1
  3. Investrum

    Investrum New Member

    7
    1
    3
    Jun 19, 2019
    Ratings:
    +3
    Local Time:
    10:31 PM
    1.17.0
    MariaDB 10.3.16
    All of them: Memcached, PHP Info, Zend Opcache.
    Only for Zend Opcache. And after I enter username/password, I get "Access denied". For Memcached and PHP Info pages i get "Access denied" immediately, without any prompts.
    I know the login details, I saved it after installation.
    I previously installed CentminMod on another VDS, and there were no problems with access to statistics pages. But now this problem has arisen, very strange, I do not understand where I made a mistake.
     
    style="display:inline-block;min-width:400px;max-width:970px;width:95%;height:90px" data-ad-client="ca-pub-6669518204467592" data-ad-slot="4024536743" data-ad-format="auto">
  4. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:31 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    in /usr/local/nginx/html/ you can edit and change those files username/pass for zend opcache and see if that works - sometimes depending on your SSH client's language encoding (non-english OS systems), copy/paste text gets screwed up if that applies to you.

    have you modified the main hostname's nginx vhost config file at /usr/local/nginx/conf/conf.d/virtual.conf in anyway ? this is what controls what is served and how it's served on main hostname access to get to and read these statistic pages.

    you can share contents of your /usr/local/nginx/conf/conf.d/virtual.conf masking any sensitive domain or IP info and wrap in CODE bbcode tags

    cat output contents of /usr/local/nginx/conf/conf.d/virtual.conf
    Code (Text):
    cat /usr/local/nginx/conf/conf.d/virtual.conf

    for posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags :)

    If you have more than one Centmin Mod server, any chance you're using the wrong set of user/pass credentials from a different Centmin Mod server ? Though that would NOT explain why some get access denied immediately.

    Any clues in Nginx & PHP-FPM access/error logs ? Nginx main hostname's access log is disabled by default in /usr/local/nginx/conf/nginx.conf
    Code (Text):
    access_log  off;

    so enable it via
    Code (Text):
    access_log logs/access.log

    restart nginx server for it to take effect.

    To troubleshoot Nginx and PHP-FPM issues you'd want to check the main hostname site's vhost access.log and error.log logs located within directory at /usr/local/nginx/logs. You can see a full overview at centminmod.com/configfiles.html

    FAQ item 19 has more info on all Centmin Mod relevant log files locations and how to use tail command to view a sample of the entries.
     
    • Like Like x 1
  5. Investrum

    Investrum New Member

    7
    1
    3
    Jun 19, 2019
    Ratings:
    +3
    Local Time:
    10:31 PM
    1.17.0
    MariaDB 10.3.16
    Oh, the problem bigger than I thought. I get "Access denied" when trying to open any .php file.
    hostname.mydomain.com/any_file.php and mydomain.com/any_file.php - same result.
    Code:
    server {
        listen      80;
        server_name [ip_address_of_my_VDS];
        return      444;
    }
    server {
                listen 80 default_server backlog=4095 reuseport;
                server_name [hostname.mydomain.com];
                root   html;
    
            access_log              /var/log/nginx/localhost.access.log     combined buffer=256k flush=5m;
            error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
                location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #Enables directory listings when index file not found
    #autoindex  on;
    
    #Shows file listing times as local time
    #autoindex_localtime on;
    
    # Wordpress Permalinks example
    #try_files \$uri \$uri/ /index.php?q=\$uri&\$args;
    
                }
    
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
    
           }
    Code (Text):
    "GET /any_file.php HTTP/2.0" 403 35 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"

    Code (Text):
    2019/07/05 11:11:42 [error] 14637#14637: *4 FastCGI sent in stderr: "Access to the script '/home/nginx/domains/mydomain.com/public' has been denied (see security.limit_extensions)" while reading response header from upstream, client: [my_ip_address], server: mydomain.com, request: "GET /any_file.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"
     
    • Informative Informative x 1
  6. Investrum

    Investrum New Member

    7
    1
    3
    Jun 19, 2019
    Ratings:
    +3
    Local Time:
    10:31 PM
    1.17.0
    MariaDB 10.3.16
    I solved it. I customized php.ini settings according to PHP-FPM - CentminMod.com LEMP Nginx web stack for CentOS
    And I have /etc/centminmod/php.d/b_customphp.ini:
    Code (Text):
    date.timezone = "Europe/Moscow"
    cgi.fix_pathinfo=0

    The problem was in the parameter cgi.fix_pathinfo=0. After I commented this, the problem was solved.
    I read in a lot of guides that it is necessary to set cgi.fix_pathinfo=0. And now I don't understand how this setting should be configured correctly and safely.....
     
    • Informative Informative x 1
  7. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:31 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Centmin Mod doesn't need cgi.fix_pathinfo=0 so leave it alone :)
     
    • Agree Agree x 1
  8. Investrum

    Investrum New Member

    7
    1
    3
    Jun 19, 2019
    Ratings:
    +3
    Local Time:
    10:31 PM
    1.17.0
    MariaDB 10.3.16
    • Like Like x 1