Hi guys
I got stuck on a problem since long time now. here is the error I get

[Sat Jun 30 04:44:55.379880 2018] [proxy_fcgi:error] [pid 5671] [client 192.168.1.6:46876] AH01071: Got error 'Access to the script 'redirect:/index.php/catalog' has been denied (see security.limit_extensions)\n', referer: https://akii.nc/admin85/index.php?controller=AdminInvoices&token=9f29e159a770e5fcbb43cf0b2a87f947

So to explain about my infrastructure, I’m running nginx as reverse proxy on edge of my network, I am hosting a Prestashop website on a apache2 server runing php7.0-fpm.

After investigations I found this :

cat /etc/php/7.0/fpm/pool.d/www.conf|grep security.limit_extensions
security.limit_extensions = .php .php3 .php4 .php5 .php7 .php7.0 .html .htm .shtml

But still not working.
Here are my nginx conf :

server {
    listen   80;
        server_name     akii.nc;
        return 301 https://akii.nc$request_uri;
}
server {
    listen 443;
    server_name akii.nc;

    error_log /var/log/nginx/nar.access.log;

    ssl on;
    ssl_certificate /etc/nginx/ssl/akii_net/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/akii_net/_akii_net.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # dont use SSLv3 ref: POODLE

    set $upstream 192.168.1.5;

    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Authorization;
        proxy_pass http://$upstream:8880;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect off;
    }
}

And here are my Apache conf:

000-default.conf
<VirtualHost *:8080>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php/php7.0-fpm.sock|fcgi://localhost:8880/var/www/nar
</VirtualHost>

akii.nc.conf
<VirtualHost *:8880>
    ServerName akii.nc
    DocumentRoot /var/www/nar
        ErrorLog ${APACHE_LOG_DIR}/nar_error.log
        CustomLog ${APACHE_LOG_DIR}/nar_access.log combined
    <Directory /var/www/nar>
        AllowOverride All
    </Directory>
</VirtualHost>

Any help on that problem would be appreciate.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

@akaiispam

I think you need to remove proxy_redirect off; from your nginx configuration file, restart nginx and try again.

  • same result. the error message is in apache2 logs don’t know if it helps

    • Why is the other vhost in apache2? You need to configure the vhost with port 8880 to serve php files using php-fpm, this page might help, check step 5.

      • I forgot to mention that I m running web server apache on a raspbian stretch and where I can’t install libapache2-mod-fastcgi which is not present in stretch repo.
        I tried to follow your advice but still get the Access Denied error

Submit an Answer