php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #80580 listen.allowed_clients does not operate as expected with blank or "any" value
Submitted: 2021-01-03 22:07 UTC Modified: 2022-03-02 22:56 UTC
From: matthew at mamis dot com dot au Assigned: bukka (profile)
Status: Closed Package: FPM related
PHP Version: 7.4.13 OS: RedHat 8
Private report: No CVE-ID: None
 [2021-01-03 22:07 UTC] matthew at mamis dot com dot au
Description:
------------
In PHP FPM, setting listen.allowed_clients to either of the following values will result in PHP-FPM rejecting fastcgi requests

This is unexpected behaviour, as the documentation states that...

(1) If this value is left blank, connections will be accepted from any ip address.

(2) Default Value: any

Test script:
---------------
php-fpm.conf:

[global]
pid = /run/php/php-fpm.pid
error_log = /var/log/php-fpm.log
include=/etc/php-fpm/pool.d/*.conf


pool.d/www.conf (example: 1):

[www]
user = php-fpm
group = php-fpm

listen = 9000
listen.allowed_clients = 


pool.d/www.conf (example: 2):

[www]
user = php-fpm
group = php-fpm

listen = 9000
listen.allowed_clients = any

Expected result:
----------------
Setting listen.allowed_clients to a value of "" or "any" should result in the fastcgi connection being accepted

Actual result:
--------------
PHP-FPM rejects the request, with the following error...

php-fpm_1  | ERROR: Connection disallowed: IP address '172.20.0.5' has been dropped.


Additionally, the following error messages are thrown on startup...

Example 1 (listen.allowed_clients = )

php-fpm_1  | ERROR: Wrong IP address '' in listen.allowed_clients
php-fpm_1  | ERROR: There are no allowed addresses


Example 2 (listen.allowed_clients = any)

php-fpm_1  | ERROR: Wrong IP address 'any' in listen.allowed_clients
php-fpm_1  | ERROR: There are no allowed addresses

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-01-03 23:51 UTC] daverandom@php.net
-Status: Open +Status: Verified
 [2021-01-03 23:51 UTC] daverandom@php.net
reproduced in 8.0.0
 [2021-01-03 23:56 UTC] daverandom@php.net
It is, however, worth noting that this may be simply a documentation issue. The phrasing "left blank" would probably be more accurately stated as "not specified" and the term "any" does not necessarily imply that the literal string "any" should mean "any value".

That said, I would at least expect the empty string to function the same as unspecified in this case.
 [2021-01-30 21:03 UTC] bukka@php.net
-Type: Bug +Type: Documentation Problem
 [2021-01-30 21:03 UTC] bukka@php.net
Yeah this is a documentation issue. It should not be specified if all connections are allowed.
 [2022-03-02 22:56 UTC] bukka@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: bukka
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC