Question

nginx getimagesize from local server: 403

Posted August 3, 2021 116 views
NginxPHP

Hello,

I have a 403 error when trying to use the PHP function getimagesize on nginx based web server:

list($imageWidth, $imageHeight) = getimagesize($imagesSource['Main']);

Where $imageSource[‘Main’] is like:

https://mywebsite/include/php/render/canvas/VR/2/image/U35p/ver//bgColor/ffffff/widthMM/300/heightMM/388/aube-sunny.jpg

It’s an image generated by PHP-imagick module and is not locally available. This image can be opened by a browser with no problem.

To generate this image which go through 404. Nginx is configured like that:

error_page 404 = /url_rewriting.php;

And in the file url_rewriting.php, we analyse the URL to see if it’s real 404 or an image which must be generated:

if((isset($urlHash[2]) && $urlHash[2] === 'render')) {
...
    header('Status: 200 OK', false, 200);
    chdir('include/php/render/'.$_GET['render']);
    require ('include/php/render/'.$_GET['render'].'/render_img.php');
    exit;
}

All is working fine but not the getimagesize from my own server.

What is strange is that it’s working on my development environment which has the same versions of nginx and PHP and pretty the same configuration.

It might a a configuration issue or a right issue on a certain file but I don’t know where to check.

Any idea?

Thanks for any help :)
Vincent

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi @Adam0101,

This sounds to be an issue with your permissions or ownership. I’ll recommend checking them.

Your files should be 644 permissions and folders 755. You can do achieve that by running :

find /path/to/app -type d -exec chmod 0755 {} \;
find /path/to/app -type f -exec chmod 0644 {} \;

Notice you need to change /path/to/app with your actual path.
Additionally, the above permissions are the standard ones however some applications might need some different perms here and there.

Next one is your ownership. Check what ownership your Website needs to be from Nginx and once done just execute:

chmod -R own:own /path/to/app

Again you need to change /path/to/app with your actual path.
Here you do need to change own:own with the ownership of Nginx as well.

Once you do run those, I believe you’ll be able to use the getimageise function.

  • Hello,

    I have check and my files and folders are already with mentioned rights: 0755 for folders and 0644 for files.

    I checked also the owner of the website and unfortunately I did some test and did not resolved the issue.

    I have put a file aaa.jpg on my website root folder:

    Locally this code is working fine:

    list($imageWidth, $imageHeight) = getimagesize('http://local-mywebsite.com/aaa.jpg');
    echo $imageWidth;
    

    So I change the code to:

    list($imageWidth, $imageHeight) = getimagesize('https://mywebsite.com/aaa.jpg');
    echo $imageWidth;
    

    and I get the error:
    2021/08/04 11:33:00 [error] 2196869#2196869: *388196 FastCGI sent in stderr: “PHP message: PHP Warning: getimagesize(https://mywebsite.com/aaa.jpg): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden

    I change the right to 0777 to file and still have the 403.

    I changed the owner of the file aaa.jpg to www-data and changed the owner of the website root folder to www-data as well but still have the 403.

    On /etc/nginx/nginx.conf file I have:
    user www-data;

    I didn’t know where to look at!

    And unexpectedly I remembered that yesterday I added some rules to nginx to block bad bots. Which I didn’t do locally.

    I added this configuration rules:
    https://github.com/mitchellkrogza/nginx-badbot-blocker

    And took a look at it and notified this rules:

    ## Add here all hosts that should be spared any referrer checking.
    ## Whitelist all your own IPs in this section, each IP followed by a 0;
    geo $bad_referer {
        127.0.0.1 0;
        111.111.111.111 0;
    }
    
    

    I added the comment for 127.0.0.1 and it’s now working fine. What is the line 111.1111.111.111 0 for ?

    Thanks for your help :)

    • Hi @Adam0101,

      Sorry for just getting back to you, I saw you managed to resolve the issue and left the comment to answer a bit later and totally forgot.

      First, good job on finding/remebering the changes you’ve made.

      As for the line you mentioned. This is basically, whitelisting that IP address. I don’t think it’s actually needed as this IP address has been added in my opinion as an example.