设置ALLOW_UNFILTERED_UPLOADS后,Wordpress文件下载404

时间:2019-02-24 17:50:56

标签: wordpress nginx

我在nginx上使用WordPress 5.1,并且通过在 ncalls tottime percall cumtime percall filename:lineno(function) 1000 1.332 0.001 1.672 0.002 <input>:11(assemble_substrings) 3654000 0.227 0.000 0.227 0.000 {method 'append' of 'list' objects} 525000 0.112 0.000 0.112 0.000 {built-in method builtins.min} 1000 0.000 0.000 0.000 0.000 {built-in method builtins.len} 1 0.000 0.000 0.000 0.000 {method 'disable' of '_lsprof.Profiler' objects} 这一行wp-config.php中进行设置,允许上传所有文件类型。现在,我可以上传任何内容,但仍然可以下载“允许”的文件,例如图像,但是不能下载其他自定义文件。我收到404错误,但是从nginx日志中,我尝试通过链接访问的文件实际上位于该确切路径下。

链接示例:define( 'ALLOW_UNFILTERED_UPLOADS', true ); 我从Wordpress的媒体管理器中获得了此链接。

nginx.conf:

http://localhost/wp-content/uploads/2019/02/public.key

conf.d / default.conf:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

global / restrictions.conf:

server {
    listen 80 default_server;
    server_name _;
    root /var/www/html;

    client_max_body_size 4096m;

    index index.php;

    include global/restrictions.conf;
    include global/wordpress.conf;
}

global / wordpress.conf:

location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    try_files $uri /index.php?$args;
}

location ~ /\. {
    deny all;
}

location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}


location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*\.php { deny all; }
location /wp-content/ { internal; }
location /wp-includes/ { internal; }

location ~ /(\.|wp-config.php|readme.html|license.txt) { deny all; }

location ~ ~$ { access_log off; log_not_found off; deny all; }

0 个答案:

没有答案
相关问题
最新问题