Welcome! Log In Create A New Profile


PHP handling where URI contains a path, index is in root

May 27, 2020 09:32AM

I run a PHP + MySQL content management system on Nginx (1.19.0 at time of writing) and an issue has arisen with the way I'm handing PHP files in some situations.

The issue appears to manifest with queries when they are prepended by a path, where a `?` is prepended. If the queries exist in the root location, they work as expected.

Take the two following URIs, note the second has a `path` set, but this does not exist on the filesystem. The CMS might, for example, have a path set to 'articles' or 'blog'.:

http://subdomain.example.com/?a=b&d=g (No `path`)
http://subdomain.example.com/path/?a=b&d=g (With `path`)

Running $_GET array gives different results:

= No `path` =

array (
'a' => 'b',
'd' => 'g',

= With `path` =

array (
'?a' => 'b',
'd' => 'g',

Note the first key in the 'With `path`' example is wrongly prepended with `?`.

My Nginx config appears to have been running fine for some time, but my instinct says there's either a `location` regex that I'm missing, or something else I've overlooked. I am, unfortunately, not smart enough to know what I'm doing wrong.

I have included all my `location` blocks for this `server` so as not to trigger a conflict from another `location` block, the most relevant two are the last and second-to-last in the list.

location ^~ /.well-known/ {
allow all;
default_type "text/plain";
root /var/www/sites/example.com/subdomain/_well-known/;
try_files $uri $uri/ =404;
location /favicon.ico {
access_log off;
log_not_found off;
location /robots.txt {
access_log off;
log_not_found off;
location ~ /\. {
deny all;
location ~ \.svg$ {
#redeclare `add_header` from parent, with modified `style-src` for SVG
set $csp_svg_1f173340 '';
set $csp_svg_1f173340 '${csp_svg_1f173340}default-src \'none\';';
set $csp_svg_1f173340 '${csp_svg_1f173340}frame-ancestors \'self\';';
set $csp_svg_1f173340 '${csp_svg_1f173340}style-src \'self\' \'unsafe-inline\';';
add_header Content-Security-Policy $csp_svg_1f173340;
add_header Referrer-Policy strict-origin;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
location / {
index index.html index.php;
limit_except GET HEAD POST {
deny all;
try_files $uri $uri/ /index.php?$is_args$args;
location ~ ^.+\.php(?:/.*)?$ {
fastcgi_hide_header "X-Powered-By";
fastcgi_keep_conn on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/php-fpm74.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
try_files $uri =404;

I would be grateful if you're able to have a look and see what I might be doing wrong. Any recommendations for further reading, or pointers to a 'better' way of handling PHP in this situation are very gratefully received.

Thank you in advance, and best wishes to you.
Subject Author Posted

PHP handling where URI contains a path, index is in root

petecooper May 27, 2020 09:32AM

Re: PHP handling where URI contains a path, index is in root

Moshe Katz May 27, 2020 09:40AM

Re: PHP handling where URI contains a path, index is in root

petecooper May 27, 2020 09:43AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 50
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready