php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #80580 listen.allowed_clients does not operate as expected with blank or "any" value
Submitted: 2021-01-03 22:07 UTC Modified: 2021-01-30 21:03 UTC
From: matthew at mamis dot com dot au Assigned:
Status: Verified Package: FPM related
PHP Version: 7.4.13 OS: RedHat 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
2 + 23 = ?
Subscribe to this entry?

 
 [2021-01-03 22:07 UTC] matthew at mamis dot com dot au
Description:
------------
In PHP FPM, setting listen.allowed_clients to either of the following values will result in PHP-FPM rejecting fastcgi requests

This is unexpected behaviour, as the documentation states that...

(1) If this value is left blank, connections will be accepted from any ip address.

(2) Default Value: any

Test script:
---------------
php-fpm.conf:

[global]
pid = /run/php/php-fpm.pid
error_log = /var/log/php-fpm.log
include=/etc/php-fpm/pool.d/*.conf


pool.d/www.conf (example: 1):

[www]
user = php-fpm
group = php-fpm

listen = 9000
listen.allowed_clients = 


pool.d/www.conf (example: 2):

[www]
user = php-fpm
group = php-fpm

listen = 9000
listen.allowed_clients = any

Expected result:
----------------
Setting listen.allowed_clients to a value of "" or "any" should result in the fastcgi connection being accepted

Actual result:
--------------
PHP-FPM rejects the request, with the following error...

php-fpm_1  | ERROR: Connection disallowed: IP address '172.20.0.5' has been dropped.


Additionally, the following error messages are thrown on startup...

Example 1 (listen.allowed_clients = )

php-fpm_1  | ERROR: Wrong IP address '' in listen.allowed_clients
php-fpm_1  | ERROR: There are no allowed addresses


Example 2 (listen.allowed_clients = any)

php-fpm_1  | ERROR: Wrong IP address 'any' in listen.allowed_clients
php-fpm_1  | ERROR: There are no allowed addresses

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-01-03 23:51 UTC] daverandom@php.net
-Status: Open +Status: Verified
 [2021-01-03 23:51 UTC] daverandom@php.net
reproduced in 8.0.0
 [2021-01-03 23:56 UTC] daverandom@php.net
It is, however, worth noting that this may be simply a documentation issue. The phrasing "left blank" would probably be more accurately stated as "not specified" and the term "any" does not necessarily imply that the literal string "any" should mean "any value".

That said, I would at least expect the empty string to function the same as unspecified in this case.
 [2021-01-30 21:03 UTC] bukka@php.net
-Type: Bug +Type: Documentation Problem
 [2021-01-30 21:03 UTC] bukka@php.net
Yeah this is a documentation issue. It should not be specified if all connections are allowed.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon May 17 12:01:27 2021 UTC