php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #80580 listen.allowed_clients does not operate as expected with blank or "any" value
Submitted: 2021-01-03 22:07 UTC Modified: 2022-03-02 22:56 UTC
From: matthew at mamis dot com dot au Assigned: bukka (profile)
Status: Closed Package: FPM related
PHP Version: 7.4.13 OS: RedHat 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
41 - 21 = ?
Subscribe to this entry?

 
 [2021-01-03 22:07 UTC] matthew at mamis dot com dot au 
Description:
------------
In PHP FPM, setting listen.allowed_clients to either of the following values will result in PHP-FPM rejecting fastcgi requests

This is unexpected behaviour, as the documentation states that...

(1) If this value is left blank, connections will be accepted from any ip address.

(2) Default Value: any

Test script:
---------------
php-fpm.conf:

[global]
pid = /run/php/php-fpm.pid
error_log = /var/log/php-fpm.log
include=/etc/php-fpm/pool.d/*.conf


pool.d/www.conf (example: 1):

[www]
user = php-fpm
group = php-fpm

listen = 9000
listen.allowed_clients = 


pool.d/www.conf (example: 2):

[www]
user = php-fpm
group = php-fpm

listen = 9000
listen.allowed_clients = any

Expected result:
----------------
Setting listen.allowed_clients to a value of "" or "any" should result in the fastcgi connection being accepted

Actual result:
--------------
PHP-FPM rejects the request, with the following error...

php-fpm_1  | ERROR: Connection disallowed: IP address '172.20.0.5' has been dropped.


Additionally, the following error messages are thrown on startup...

Example 1 (listen.allowed_clients = )

php-fpm_1  | ERROR: Wrong IP address '' in listen.allowed_clients
php-fpm_1  | ERROR: There are no allowed addresses


Example 2 (listen.allowed_clients = any)

php-fpm_1  | ERROR: Wrong IP address 'any' in listen.allowed_clients
php-fpm_1  | ERROR: There are no allowed addresses

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-01-03 23:51 UTC] daverandom@php.net
-Status: Open +Status: Verified
 [2021-01-03 23:51 UTC] daverandom@php.net 
reproduced in 8.0.0
 [2021-01-03 23:56 UTC] daverandom@php.net 
It is, however, worth noting that this may be simply a documentation issue. The phrasing "left blank" would probably be more accurately stated as "not specified" and the term "any" does not necessarily imply that the literal string "any" should mean "any value".

That said, I would at least expect the empty string to function the same as unspecified in this case.
 [2021-01-30 21:03 UTC] bukka@php.net
-Type: Bug +Type: Documentation Problem
 [2021-01-30 21:03 UTC] bukka@php.net 
Yeah this is a documentation issue. It should not be specified if all connections are allowed.
 [2022-03-02 22:56 UTC] bukka@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: bukka
 [2022-03-02 22:56 UTC] bukka@php.net 
This has been fixed by https://github.com/php/doc-en/commit/557f8ed419f9798a76539bee44754d4288ceccad
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 10:01:29 2024 UTC