nginx reverse proxy and apache2 Access denied

Posted June 29, 2018 3.5k views

Hi guys
I got stuck on a problem since long time now. here is the error I get

[Sat Jun 30 04:44:55.379880 2018] [proxy_fcgi:error] [pid 5671] [client] AH01071: Got error 'Access to the script 'redirect:/index.php/catalog' has been denied (see security.limit_extensions)\n', referer:

So to explain about my infrastructure, I’m running nginx as reverse proxy on edge of my network, I am hosting a Prestashop website on a apache2 server runing php7.0-fpm.

After investigations I found this :

cat /etc/php/7.0/fpm/pool.d/www.conf|grep security.limit_extensions
security.limit_extensions = .php .php3 .php4 .php5 .php7 .php7.0 .html .htm .shtml

But still not working.
Here are my nginx conf :

server {
    listen   80;
        return 301$request_uri;
server {
    listen 443;

    error_log /var/log/nginx/nar.access.log;

    ssl on;
    ssl_certificate /etc/nginx/ssl/akii_net/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/akii_net/_akii_net.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # dont use SSLv3 ref: POODLE

    set $upstream;

    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Authorization;
        proxy_pass http://$upstream:8880;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect off;

And here are my Apache conf:

<VirtualHost *:8080>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php/php7.0-fpm.sock|fcgi://localhost:8880/var/www/nar
<VirtualHost *:8880>
    DocumentRoot /var/www/nar
        ErrorLog ${APACHE_LOG_DIR}/nar_error.log
        CustomLog ${APACHE_LOG_DIR}/nar_access.log combined
    <Directory /var/www/nar>
        AllowOverride All

Any help on that problem would be appreciate.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer


I think you need to remove proxy_redirect off; from your nginx configuration file, restart nginx and try again.

  • same result. the error message is in apache2 logs don’t know if it helps

    • Why is the other vhost in apache2? You need to configure the vhost with port 8880 to serve php files using php-fpm, this page might help, check step 5.

      • I forgot to mention that I m running web server apache on a raspbian stretch and where I can’t install libapache2-mod-fastcgi which is not present in stretch repo.
        I tried to follow your advice but still get the Access Denied error