我有一个Bolt网站,其中安装了sitemap扩展程序。转到example.com/sitemap
会产生预期的输出,但转到example.com/sitemap.xml
会从nginx返回403
。我觉得我的nginx服务器块有些不对劲,但我不确定是什么。我知道我曾经在PDF文件上收到相同的错误,直到我明确地将pdf
添加到"强制执行缓存"部分。
如果没有nginx首先判断它是一个虚假的请求,我怎样才能到达Bolt route /sitemap.xml?
我的服务器配置文件如下。名称已被更改以保护无辜者。
server {
listen 80;
server_name example.com *.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name example.com *.example.com;
ssl_certificate /home/example/keys/example.crt;
ssl_certificate_key /home/example/keys/example.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param PHP_VALUE "auto_prepend_file=/srv/http/xhgui.example.com/external/header.php";
}
root /srv/http/example/web;
index index.php;
# The main Bolt website
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Generated thumbnail images
location ~* /thumbs/(.*)$ {
try_files $uri $uri/ /index.php?$query_string;
}
# Bolt backend access
#
# NOTE: If you set a custom branding path, you will need to change '/bolt/'
# here to match
location ~* /admin/(.*)$ {
try_files $uri $uri/ /index.php?$query_string;
}
# Enforce caching for certain file extension types
location ~* \.(?:ico|css|js|gif|jpe?g|pdf|png|ttf|woff|woff2)$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
}
# Don't create logs for favicon.ico or robots.txt requests
location = /(?:favicon.ico|robots.txt) {
access_log off;
log_not_found off;
}
# Block PHP files from being run in upload (files), app, theme and extension directories
location ~* /(?:app|extensions|files|theme)/(.*)\.php$ {
deny all;
}
# Block hidden files
location ~ \. {
deny all;
}
# Block access to Sqlite database files
location ~ \.(?:db)$ {
deny all;
}
# Block access to the app, cache & vendor directories
location ~ /(?:app|src|tests|vendor) {
deny all;
}
# Block access to Markdown, Twig & YAML files directly
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml)$ {
deny all;
}
}
答案 0 :(得分:0)
令我惊讶的是,块
# Block hidden files
location ~ \. {
deny all;
}
似乎适用于所有内容,而不仅仅是以点开头的文件。通过将其更改为
来修复# Block hidden files
location ~ /\. {
deny all;
}