Nginx subdirectory php script 403 forbidden on nginx?

chienb · Nov 27, 2016

installed centminmod and letsencrypt on a fresh cent7.2 server. a day after installing letsencrypt, getting a 403 when trying to access: https://test.mydomain.com/test/index.php

/test/index.html is working properly. folder permissions are set to 755.

error.log:

Code:

2016/11/26 09:30:19 [error] 3975#0: *269 access forbidden by rule, client: 12.12.12.123, server: test.mydomain.com, request: "GET /test/index.php HTTP/2.0", host: "test.mydomain.com"

nginx.conf.default:

Code:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

eva2000 · Nov 27, 2016

Did you follow Getting Started Guide steps ?

When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf

Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com

Vhost public web root will be at /home/nginx/domains/newdomain.com/public

Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

chienb · Nov 27, 2016

/usr/local/nginx/conf/conf.d only contains 4 files:

demodomain.com.conf
dlserv1.filesparq.com.ssl.conf
ssl.conf
virtual.conf

dlserv1.filesparq.com.ssl.conf:

Code:

#x# HTTPS-DEFAULT
server {
 
  server_name dlserv1.filesparq.com www.dlserv1.filesparq.com;
  return 302 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name dlserv1.filesparq.com www.dlserv1.filesparq.com;

  include /usr/local/nginx/conf/ssl/dlserv1.filesparq.com/dlserv1.filesparq.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/dlserv1.filesparq.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/dlserv1.filesparq.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/dlserv1.filesparq.com/autoprotect-dlserv1.filesparq.com.conf;
  root /home/nginx/domains/dlserv1.filesparq.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

I also tried adding the following to nginx.default.conf:

Code:

        location /filehost_dl {
            root   /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl;
            index  index.html index.htm index.php;
        }

eva2000 · Nov 27, 2016

wrong config files - read Centmin Mod Configuration Files - CentminMod.com LEMP Nginx web stack for CentOS for overview of config files and path to your nginx site vhost, you should never have to add site settings to nginx.conf as they have their own nginx site vhost. Your valid vhost is dlserv1.filesparq.com at

/usr/local/nginx/conf/conf.d/dlserv1.filesparq.com.ssl.conf

chienb · Nov 27, 2016

changed and added the settings to dlserv1.filesparq.com.ssl.conf, restarted nginx, still getting 403.

eva2000 · Nov 27, 2016

What's current contents of dlserv1.filesparq.com.ssl.conf ?

chienb · Nov 27, 2016

Code:

#x# HTTPS-DEFAULT
server {
 
  location /filehost_dl {
     root   /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl;
     index  index.html index.htm index.php;
  }

}

server {
 
  server_name dlserv1.filesparq.com www.dlserv1.filesparq.com;
  return 302 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name dlserv1.filesparq.com www.dlserv1.filesparq.com;

  include /usr/local/nginx/conf/ssl/dlserv1.filesparq.com/dlserv1.filesparq.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/dlserv1.filesparq.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/dlserv1.filesparq.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/dlserv1.filesparq.com/autoprotect-dlserv1.filesparq.com.conf;
  root /home/nginx/domains/dlserv1.filesparq.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

eva2000 · Nov 27, 2016

you placed the code incorrectly

Code (Text):

#x# HTTPS-DEFAULT
server {

  location /filehost_dl {
     root   /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl;
     index  index.html index.htm index.php;
  }

}

is all incorrect as you place only

Code (Text):

  location /filehost_dl {
     root   /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl;
     index  index.html index.htm index.php;
  }

within the existing http2 ssl server{} context in dlserv1.filesparq.com.ssl.conf so it becomes AND you probably don't need the line

Code (Text):

    root   /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl;

but because you server php from that location context /filehost_dl you need the php.conf include file include /usr/local/nginx/conf/php.conf too.

so it becomes just

Code (Text):

#x# HTTPS-DEFAULT
server {
 
  server_name dlserv1.filesparq.com www.dlserv1.filesparq.com;
  return 302 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name dlserv1.filesparq.com www.dlserv1.filesparq.com;

  include /usr/local/nginx/conf/ssl/dlserv1.filesparq.com/dlserv1.filesparq.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/dlserv1.filesparq.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/dlserv1.filesparq.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/dlserv1.filesparq.com/autoprotect-dlserv1.filesparq.com.conf;
  root /home/nginx/domains/dlserv1.filesparq.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }

  location /filehost_dl {
     index  index.html index.htm index.php;
     include /usr/local/nginx/conf/php.conf;
  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

chienb · Nov 29, 2016

still 403... the error in log "access forbidden by rule" makes me wonder if there is something like DENY preventing access but couldn't find anything in any of the .conf blocks. the only thing i found is the DENY ALL in virtual.conf:

Code:

server {
#         listen   80;
            listen   80 default_server backlog=2048 reuseport;
            server_name CC9;
            root   html;

        access_log              /var/log/nginx/localhost.access.log     main_ext buffer=256k flush=5m;
        error_log               /var/log/nginx/localhost.error.log      error;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

# limit_conn limit_per_ip 16;
# ssi  on;

        location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        #allow youripaddress;
        deny all;
        }

            location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

#         Enables directory listings when index file not found
#        autoindex  on;

#        Shows file listing times as local time
#        autoindex_localtime on;

#        Enable for vBulletin usage WITHOUT vbSEO installed
#        try_files        $uri $uri/ /index.php;
            
            }

        # example nginx-http-concat
        # /csstest/??one.css,two.css
        #location /csstest {
        #concat on;
        #concat_max_files 20;
        #}

include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/include_opcache.conf;
include /usr/local/nginx/conf/php.conf;
#include /usr/local/nginx/conf/phpstatus.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
include /usr/local/nginx/conf/vts_mainserver.conf;

}

eva2000 · Nov 29, 2016

does /filehost_dl have an index.html or index.php file ? nginx by default gives 403 permission to directories which do not have a index file

chienb · Nov 29, 2016

/filehost_dl directory looks like this:

data (folder)

hosts (folder)

images (folder)

lang (folder)

skin (folder)

.htaccess
add.php
ajax.js
class.php
config.php
debug.php
index.php
login.php
process.php
readme.md

index.php:

PHP:

<?php $using = isset($_COOKIE['using']) ? $_COOKIE['using'] : 'default'; $using = isset($_REQUEST['using']) ? $_REQUEST['using'] : $using; setcookie('using', $using); ob_start(); ob_implicit_flush(TRUE); ignore_user_abort(0); if (!ini_get('safe_mode')) set_time_limit(30); define('vinaget', 'yes'); require_once('class.php'); $obj = new stream_get(); $obj->using = $using; $obj->current_version = 104; $obj->msg = false; if (!empty($_COOKIE['msg'])) $obj->msg = htmlspecialchars($_COOKIE['msg']); setcookie('msg', ''); $host = $obj->list_host; $skin = "skin/{$obj->skin}"; error_reporting($obj->display_error ? E_ALL : 0); if ($obj->Deny == false){ require_once("{$skin}/function.php"); if (isset($_POST['urllist'])) $obj->main(); elseif (isset($_GET['infosv'])) showStat(); elseif (!isset($_POST['urllist'])) include("{$skin}/index.php"); } else include("{$skin}/login.php"); ob_end_flush(); ?>

I tried deleting the .htaccess, but made no difference.

eva2000 · Nov 29, 2016

check file permissions
Code (Text):
ls -lahR /home/nginx/domains/domain.com/public/filehost_dl 

chienb · Nov 29, 2016

Code:

total 152K
drwxrwxrwx 7 root  nginx 4.0K Nov 29 07:26 .
drwxr-s--- 3 nginx nginx 4.0K Nov 28 22:04 ..
-rwxrwxrwx 1 root  nginx 2.5K May 16  2016 add.php
-rwxrwxrwx 1 root  nginx  15K May 16  2016 ajax.js
-rwxrwxrwx 1 root  nginx  71K May 16  2016 class.php
-rwxrwxrwx 1 root  nginx 1.7K May 16  2016 config.php
drwxrwxrwx 3 root  nginx 4.0K Nov 28 22:04 data
-rwxrwxrwx 1 root  nginx  835 May 16  2016 debug.php
drwxrwxrwx 2 root  nginx 4.0K Nov 28 22:05 hosts
-rw-r--r-- 1 root  nginx 1.5K May 16  2016 .htaccess
drwxrwxrwx 2 root  nginx 4.0K Nov 28 22:05 images
-rwxrwxrwx 1 root  nginx  900 May 16  2016 index.php
drwxrwxrwx 2 root  nginx 4.0K Nov 28 22:05 lang
-rwxrwxrwx 1 root  nginx 1.4K May 16  2016 login.php
-rwxrwxrwx 1 root  nginx 3.3K May 16  2016 proccess.php
-rw-r--r-- 1 root  nginx 1.9K May 16  2016 README.md
drwxrwxrwx 4 root  nginx 4.0K Nov 28 22:05 skin
-rw-r--r-- 1 root  nginx   23 Nov 28 21:02 test.html

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/data:
total 16K
drwxrwxrwx 3 root nginx 4.0K Nov 28 22:04 .
drwxrwxrwx 7 root nginx 4.0K Nov 29 07:26 ..
-rw-r--r-- 1 root nginx    0 May 16  2016 account.dat
-rw-r--r-- 1 root nginx    0 May 16  2016 config.dat
-rw-r--r-- 1 root nginx    0 May 16  2016 cookie.dat
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:05 files
-rw-r--r-- 1 root nginx   62 May 16  2016 index.php
-rw-r--r-- 1 root nginx    0 May 16  2016 log.txt
-rw-r--r-- 1 root nginx    0 May 16  2016 online.dat

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/data/files:
total 12K
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 3 root nginx 4.0K Nov 28 22:04 ..
-rw-r--r-- 1 root nginx   62 May 16  2016 index.php

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/images:
total 220K
drwxrwxrwx 2 root nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 7 root nginx 4.0K Nov 29 07:26 ..
-rw-r--r-- 1 root nginx 2.8K May 16  2016 bglist.png
-rw-r--r-- 1 root nginx 1.1K May 16  2016 button_bg1.gif
-rw-r--r-- 1 root nginx 1014 May 16  2016 button_bg2.gif
-rw-r--r-- 1 root nginx  717 May 16  2016 button_bg3.gif
-rw-r--r-- 1 root nginx 1.9K May 16  2016 chk_error.png
-rw-r--r-- 1 root nginx  162 May 16  2016 chk_good.png
-rw-r--r-- 1 root nginx 3.7K May 16  2016 error.png
-rw-r--r-- 1 root nginx  92K May 16  2016 jquery-1.7.1.min.js
-rw-r--r-- 1 root nginx  847 May 16  2016 loading_black.gif
-rw-r--r-- 1 root nginx  11K May 16  2016 loading.gif
-rw-r--r-- 1 root nginx  847 May 16  2016 loading_white.gif
-rw-r--r-- 1 root nginx 6.1K May 16  2016 sprintf.js
-rw-r--r-- 1 root nginx 6.7K May 16  2016 success.png
-rw-r--r-- 1 root nginx  27K May 16  2016 Thumbs.db
-rw-r--r-- 1 root nginx 8.9K May 16  2016 vngicon.png
-rw-r--r-- 1 root nginx 9.6K May 16  2016 ZeroClipboard.js
-rw-r--r-- 1 root nginx 1.1K May 16  2016 ZeroClipboard.swf

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/lang:
total 72K
drwxrwxrwx 2 root nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 7 root nginx 4.0K Nov 29 07:26 ..
-rw-r--r-- 1 root nginx 5.0K May 16  2016 english.php
-rw-r--r-- 1 root nginx 5.4K May 16  2016 german.php
-rw-r--r-- 1 root nginx 5.2K May 16  2016 italian.php
-rw-r--r-- 1 root nginx 5.1K May 16  2016 polish.php
-rw-r--r-- 1 root nginx 5.2K May 16  2016 portuguese.php
-rw-r--r-- 1 root nginx 5.5K May 16  2016 spanish.php
-rw-r--r-- 1 root nginx 6.2K May 16  2016 turkish.php
-rw-r--r-- 1 root nginx 6.1K May 16  2016 vietnamese.php

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin:
total 16K
drwxrwxrwx 4 root nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 7 root nginx 4.0K Nov 29 07:26 ..
drwxr-sr-x 6 root nginx 4.0K Nov 28 22:06 bootstrap
drwxrwxrwx 2 root nginx 4.0K Nov 28 22:06 default

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap:
total 60K
drwxr-sr-x 6 root nginx 4.0K Nov 28 22:06 .
drwxrwxrwx 4 root nginx 4.0K Nov 28 22:05 ..
-rw-r--r-- 1 root nginx 6.2K May 16  2016 admin.php
-rw-r--r-- 1 root nginx 4.2K May 16  2016 checkaccount.php
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 css
-rw-r--r-- 1 root nginx 2.5K May 16  2016 function.php
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 icons
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 img
-rw-r--r-- 1 root nginx  12K May 16  2016 index.php
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 js
-rw-r--r-- 1 root nginx 3.3K May 16  2016 login.php

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/css:
total 132K
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 root nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 root nginx 124K May 16  2016 bootstrap.min.css

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/icons:
total 12K
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 root nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 root nginx  623 May 16  2016 datafile.com.png

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/img:
total 36K
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 root nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 root nginx  13K May 16  2016 glyphicons-halflings.png
-rw-r--r-- 1 root nginx 8.6K May 16  2016 glyphicons-halflings-white.png

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/js:
total 40K
drwxr-sr-x 2 root nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 root nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 root nginx  29K May 16  2016 bootstrap.min.js

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/default:
total 56K
drwxrwxrwx 2 root nginx 4.0K Nov 28 22:06 .
drwxrwxrwx 4 root nginx 4.0K Nov 28 22:05 ..
-rwxrwxrwx 1 root nginx 6.4K May 16  2016 admin.php
-rwxrwxrwx 1 root nginx 4.2K May 16  2016 checkaccount.php
-rwxrwxrwx 1 root nginx 1.5K May 16  2016 function.php
-rwxrwxrwx 1 root nginx  12K May 16  2016 index.php
-rwxrwxrwx 1 root nginx 4.6K May 16  2016 login.php
-rwxrwxrwx 1 root nginx 4.1K May 16  2016 rl_style_pm.css

eva2000 · Nov 29, 2016

set nginx user/group permissions
Code (Text):
chown -R nginx:nginx /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl
probably can do for entire site
Code (Text):
chown -R nginx:nginx /home/nginx/domains/dlserv1.filesparq.com/public

chienb · Nov 29, 2016

still the same unfortunately...

eva2000 · Nov 29, 2016

re-check file permissions
Code (Text):
ls -lahR /home/nginx/domains/domain.com/public/filehost_dl 

eva2000 · Nov 29, 2016

could be related to the auto protect Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community include file
Code (Text):
include /usr/local/nginx/conf/autoprotect/dlserv1.filesparq.com/autoprotect-dlserv1.filesparq.com.conf;
What's it's contents
Code (Text):
cat /usr/local/nginx/conf/autoprotect/dlserv1.filesparq.com/autoprotect-dlserv1.filesparq.com.conf
you can exclude the directory from autoprotect as outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community

create an empty .autoprotect-bypass file at /home/nginx/domains/domain.com/public/filehost_dl using touch command and from Nginx - subdirectory php script 403 forbidden on nginx? also exclude /filehost_dl/hosts/
Code (Text):
touch /home/nginx/domains/domain.com/public/filehost_dl/.autoprotect-bypass
touch /home/nginx/domains/domain.com/public/filehost_dl/hosts/.autoprotect-bypass
then re-run manually the script
Code (Text):
/usr/local/src/centminmod/tools/autoprotect.sh
which will regenerate up to date /usr/local/nginx/conf/autoprotect/dlserv1.filesparq.com/autoprotect-dlserv1.filesparq.com.conf include file

chienb · Nov 29, 2016

Code:

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl:
total 152K
drwxrwxrwx 7 nginx nginx 4.0K Nov 29 07:26 .
drwxr-s--- 3 nginx nginx 4.0K Nov 28 22:04 ..
-rwxrwxrwx 1 nginx nginx 2.5K May 16  2016 add.php
-rwxrwxrwx 1 nginx nginx  15K May 16  2016 ajax.js
-rwxrwxrwx 1 nginx nginx  71K May 16  2016 class.php
-rwxrwxrwx 1 nginx nginx 1.7K May 16  2016 config.php
drwxrwxrwx 3 nginx nginx 4.0K Nov 28 22:04 data
-rwxrwxrwx 1 nginx nginx  835 May 16  2016 debug.php
drwxrwxrwx 2 nginx nginx 4.0K Nov 28 22:05 hosts
-rw-r--r-- 1 nginx nginx 1.5K May 16  2016 .htaccess
drwxrwxrwx 2 nginx nginx 4.0K Nov 28 22:05 images
-rwxrwxrwx 1 nginx nginx  900 May 16  2016 index.php
drwxrwxrwx 2 nginx nginx 4.0K Nov 28 22:05 lang
-rwxrwxrwx 1 nginx nginx 1.4K May 16  2016 login.php
-rwxrwxrwx 1 nginx nginx 3.3K May 16  2016 proccess.php
-rw-r--r-- 1 nginx nginx 1.9K May 16  2016 README.md
drwxrwxrwx 4 nginx nginx 4.0K Nov 28 22:05 skin
-rw-r--r-- 1 nginx nginx   23 Nov 28 21:02 test.html

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/data:
total 16K
drwxrwxrwx 3 nginx nginx 4.0K Nov 28 22:04 .
drwxrwxrwx 7 nginx nginx 4.0K Nov 29 07:26 ..
-rw-r--r-- 1 nginx nginx    0 May 16  2016 account.dat
-rw-r--r-- 1 nginx nginx    0 May 16  2016 config.dat
-rw-r--r-- 1 nginx nginx    0 May 16  2016 cookie.dat
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:05 files
-rw-r--r-- 1 nginx nginx   62 May 16  2016 index.php
-rw-r--r-- 1 nginx nginx    0 May 16  2016 log.txt
-rw-r--r-- 1 nginx nginx    0 May 16  2016 online.dat

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/data/files:
total 12K
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 3 nginx nginx 4.0K Nov 28 22:04 ..
-rw-r--r-- 1 nginx nginx   62 May 16  2016 index.php

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/images:
total 220K
drwxrwxrwx 2 nginx nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 7 nginx nginx 4.0K Nov 29 07:26 ..
-rw-r--r-- 1 nginx nginx 2.8K May 16  2016 bglist.png
-rw-r--r-- 1 nginx nginx 1.1K May 16  2016 button_bg1.gif
-rw-r--r-- 1 nginx nginx 1014 May 16  2016 button_bg2.gif
-rw-r--r-- 1 nginx nginx  717 May 16  2016 button_bg3.gif
-rw-r--r-- 1 nginx nginx 1.9K May 16  2016 chk_error.png
-rw-r--r-- 1 nginx nginx  162 May 16  2016 chk_good.png
-rw-r--r-- 1 nginx nginx 3.7K May 16  2016 error.png
-rw-r--r-- 1 nginx nginx  92K May 16  2016 jquery-1.7.1.min.js
-rw-r--r-- 1 nginx nginx  847 May 16  2016 loading_black.gif
-rw-r--r-- 1 nginx nginx  11K May 16  2016 loading.gif
-rw-r--r-- 1 nginx nginx  847 May 16  2016 loading_white.gif
-rw-r--r-- 1 nginx nginx 6.1K May 16  2016 sprintf.js
-rw-r--r-- 1 nginx nginx 6.7K May 16  2016 success.png
-rw-r--r-- 1 nginx nginx  27K May 16  2016 Thumbs.db
-rw-r--r-- 1 nginx nginx 8.9K May 16  2016 vngicon.png
-rw-r--r-- 1 nginx nginx 9.6K May 16  2016 ZeroClipboard.js
-rw-r--r-- 1 nginx nginx 1.1K May 16  2016 ZeroClipboard.swf

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/lang:
total 72K
drwxrwxrwx 2 nginx nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 7 nginx nginx 4.0K Nov 29 07:26 ..
-rw-r--r-- 1 nginx nginx 5.0K May 16  2016 english.php
-rw-r--r-- 1 nginx nginx 5.4K May 16  2016 german.php
-rw-r--r-- 1 nginx nginx 5.2K May 16  2016 italian.php
-rw-r--r-- 1 nginx nginx 5.1K May 16  2016 polish.php
-rw-r--r-- 1 nginx nginx 5.2K May 16  2016 portuguese.php
-rw-r--r-- 1 nginx nginx 5.5K May 16  2016 spanish.php
-rw-r--r-- 1 nginx nginx 6.2K May 16  2016 turkish.php
-rw-r--r-- 1 nginx nginx 6.1K May 16  2016 vietnamese.php

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin:
total 16K
drwxrwxrwx 4 nginx nginx 4.0K Nov 28 22:05 .
drwxrwxrwx 7 nginx nginx 4.0K Nov 29 07:26 ..
drwxr-sr-x 6 nginx nginx 4.0K Nov 28 22:06 bootstrap
drwxrwxrwx 2 nginx nginx 4.0K Nov 28 22:06 default

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap:
total 60K
drwxr-sr-x 6 nginx nginx 4.0K Nov 28 22:06 .
drwxrwxrwx 4 nginx nginx 4.0K Nov 28 22:05 ..
-rw-r--r-- 1 nginx nginx 6.2K May 16  2016 admin.php
-rw-r--r-- 1 nginx nginx 4.2K May 16  2016 checkaccount.php
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 css
-rw-r--r-- 1 nginx nginx 2.5K May 16  2016 function.php
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 icons
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 img
-rw-r--r-- 1 nginx nginx  12K May 16  2016 index.php
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 js
-rw-r--r-- 1 nginx nginx 3.3K May 16  2016 login.php

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/css:
total 132K
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 nginx nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 nginx nginx 124K May 16  2016 bootstrap.min.css

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/icons:
total 12K
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 nginx nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 nginx nginx  623 May 16  2016 datafile.com.png

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/img:
total 36K
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 nginx nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 nginx nginx  13K May 16  2016 glyphicons-halflings.png
-rw-r--r-- 1 nginx nginx 8.6K May 16  2016 glyphicons-halflings-white.png

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/bootstrap/js:
total 40K
drwxr-sr-x 2 nginx nginx 4.0K Nov 28 22:06 .
drwxr-sr-x 6 nginx nginx 4.0K Nov 28 22:06 ..
-rw-r--r-- 1 nginx nginx  29K May 16  2016 bootstrap.min.js

/home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/skin/default:
total 56K
drwxrwxrwx 2 nginx nginx 4.0K Nov 28 22:06 .
drwxrwxrwx 4 nginx nginx 4.0K Nov 28 22:05 ..
-rwxrwxrwx 1 nginx nginx 6.4K May 16  2016 admin.php
-rwxrwxrwx 1 nginx nginx 4.2K May 16  2016 checkaccount.php
-rwxrwxrwx 1 nginx nginx 1.5K May 16  2016 function.php
-rwxrwxrwx 1 nginx nginx  12K May 16  2016 index.php
-rwxrwxrwx 1 nginx nginx 4.6K May 16  2016 login.php
-rwxrwxrwx 1 nginx nginx 4.1K May 16  2016 rl_style_pm.css

chienb · Nov 29, 2016

Code:

# https://community.centminmod.com/posts/35394/
# /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl/hosts

location /filehost_dl/hosts/ {
  location ~ ^/filehost_dl/hosts/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
  location ~ ^/filehost_dl/hosts/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
  location ~ ^/filehost_dl/hosts/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
  location ~ ^/filehost_dl/hosts/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
}

# https://community.centminmod.com/posts/35394/
# /home/nginx/domains/dlserv1.filesparq.com/public/filehost_dl

location /filehost_dl/ {
  location ~ ^/filehost_dl/(.+/)?(.+)\.(js)$ { allow all; expires 30d; }
  location ~ ^/filehost_dl/(.+/)?(.+)\.(css)$ { allow all; expires 30d; }
  location ~ ^/filehost_dl/(.+/)?(.+)\.(gif|jpe?g|png|webp|eot|svg|ttf|woff|woff)$ { allow all; expires 30d; }
  location ~ ^/filehost_dl/(.+/)?(.+)\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)$ { allow 127.0.0.1; deny all; }
}

eva2000 · Nov 29, 2016

probably related to autoprotect include file so workaround outline above Nginx - subdirectory php script 403 forbidden on nginx? | Centmin Mod Community

Log in / Register

Forums

Join the community today

Nginx subdirectory php script 403 forbidden on nginx?

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

chienb New Member

chienb New Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Join the community today

Nginx subdirectory php script 403 forbidden on nginx?

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

chienb New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

chienb New Member

chienb New Member

eva2000 Administrator Staff Member

.