php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60763 Access denied. when file extension is .html
Submitted: 2012-01-15 23:27 UTC Modified: 2012-01-16 00:06 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: nbari at dalmp dot com Assigned:
Status: Closed Package: FPM related
PHP Version: 5.3.9 OS: FreeBSD / Mac OS
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: nbari at dalmp dot com
New email:
PHP Version: OS:

 

 [2012-01-15 23:27 UTC] nbari at dalmp dot com
Description:
------------
When serving .html files as php an "Access denied." is displayed instead of the 
properly parsed page.

With php versions <= 5.3.8 the following configuration example works for nginx

--
server {
  server_name domain.tpl *.domain.tld;
  root   /home/sites/domain.tld/home/html;

  location ~ \.(php|htm|html)$ {
    fastcgi_pass   unix:/tmp/php-fpm.socket;  
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
  }

}
--

files on /home/sites/domain.tld/home/html are:

http://domain.tld/index.html <--- does not work with php-5.3.9 display an Access 
denied. 
http://domain.tld/test.php   <--- works 

Expected result:
----------------
properly parse the .html and display the content.

Actual result:
--------------
Access denied.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-16 00:06 UTC] nbari at dalmp dot com
php 5.3.9 adds support to chose what extensions to parse 

the solution was to add the next line the php-fpm.conf

security.limit_extensions = .php .html
 [2012-01-16 00:06 UTC] nbari at dalmp dot com
-Status: Open +Status: Closed
 [2012-01-16 21:52 UTC] dmilith at gmail dot com
It also happens on Debian Lenny. It's not system related.
 [2012-01-16 21:56 UTC] fat@php.net
Be aware that FPM is marked as *experimental* on 5.3.x. Which means that changes 
can break configurations between release.

It's the case between 5.3.8 and 5.3.9 as the security.limit_extensions 
configuration item has been added and it defaults to .php. If you need to execute 
other extensions, you have to change this setting.

++ fat

Note: the experimental flag has been removed in 5.4.x.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 14 18:01:28 2024 UTC