Hello, guys,
Another Apache convert here. My 3rd day with nginx and loving it.
I have a nginx + php-fpm setup. The problem is that nginx downloads the PHP scripts without being parsed instead of passing them to php-fpm - so far I have discovered that happening only with Chrome's 14.0.835 (64bit), otherwise it works just fine; there is no difference whether php-fpm is running or not, so I think it is safe to assume that the scripts are not being passed to the backend at all. The relevant (hopefuly configuration):
location ~ \/[0-9a-zA-Z]+\.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
if ($uri ~* \/(images?|system|download|upload|cache|logs?)\/(.*\/)?[0-9a-z]+\.php$) {
return 404;
}
fastcgi_pass php-fpm;
}
location /url/ {
alias /dir/url/;
index index.php;
if ($request_uri ~* \.(ico|css|js|gif|jpe?g|png)$) {
expires 30d;
break;
}
if (-f $request_filename) {
break;
}}
Any ideas? How can I prevent such things from happening, providing some failsafe, disallowing php files' download? I have so far come out with that, protecting only possible configuration files:
location ~ (/\.|.*conf.*\.php) {
deny all;
}
But I would like a more generic approach, if possible.
Thank you for your time.