访问脚本'xxx/xxx/php'已被拒绝(请参阅security.limit_extensions) - nginx "Access to the script 'xxx/xxx/php' has been denied (see security.limit_extensions)"

nginx "Access to the script 'xxx/xxx/php' has been denied (see security.limit_extensions)"

我得到了这个错误。显然，我想使用ckfinder来上传文件。

Access to the script '/var/www/example.com/public/admin/scripts/vendor/ckfinder
/core/connector/php' has been denied (see security.limit_extensions) while reading 
response header from upstream, client: x.x.x.x, server: 
example.com, request: "GET /admin/scripts/vendor/ckfinder/core/
connector/php/connector.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", 
host: "example.com"

我已经将security.limit_extensions设置为。php。我看过访问拒绝(403)的PHP文件与Nginx + PHP- fpm，我尝试了他们中的大多数(除了fix_pathinfo)没有运气。在我注意到错误消息中的脚本路径之前，来自connector.php的GET请求位于php/目录中。我认为问题是nginx看到这个目录名称作为脚本，并试图运行它，不确定。

这是我的nginx服务器块。

server {
    listen 80;
    root /var/www/example.com/public;
    index index.html index.htm index.php app.php app_dev.php;
    # Make site accessible from ...
    server_name example.com;
    access_log /var/log/nginx/example.com-access.log;
    error_log  /var/log/nginx/example.com-error.log error;
    charset utf-8;
    location / {
        # try_files '$uri '$uri/ /app.php?'$query_string /index.php?'$query_string;
        try_files $uri $uri/ /index.php?'$query_string;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location = /admin/scripts/vendor/ckfinder/core/connector/php/connector.php {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        # With php5-fpm:
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param LARA_ENV local; # Environment variable for Laravel
        fastcgi_param HTTPS off;
    }
    location ~ '.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        # With php5-fpm:
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param LARA_ENV local; # Environment variable for Laravel
        fastcgi_param HTTPS off;
    }
    # Deny .htaccess file access
    location ~ /'.ht {
        deny all;
    }
}

我的问题是如何指示nginx知道php/是一个路径，而不是一个脚本?

您在fastcgi_split_path_info指令中有错误。正则表达式.+.php将匹配这些字符串:至少1个字符，然后是任何字符，然后是文本"php"。

您需要转义点('.)，因此它不表示任何字符，而仅表示点本身。

所以正确的语法应该是:

  fastcgi_split_path_info ^(.+'.php)(/.+)$;