最近我将我的网络服务器从 apache 更改为 nginx,我的网站使用 wordpress 并使用 google drive wp media 插件将图像存储在 google drive 中,在我更改为 nginx 之后,所有图像突然发布图像都没有显示老实说我不知道从哪里开始但 /wp-content/uploads/gdwpm_images 上有 .htaccess 和 php 文件这里是 .htaccess 文件
RewriteEngine 开启
重写库 /
RewriteCond %{QUERY_STRING} !^imgid= [NC]
重写规则 ^(.*)$ wp-content/uploads/gdwpm_images/index.php?imgid=$1 [L,NC,QSA]
这是 index.php 文件
<?php
if (isset($_GET['imgid'])){
$gdwpm_ekst_gbr = explode('.', $_GET['imgid']);
if($gdwpm_ekst_gbr[1] == 'png' || $gdwpm_ekst_gbr[1] == 'gif' || $gdwpm_ekst_gbr[1] == 'bmp'){
header("Content-Type: image/" . $gdwpm_ekst_gbr[1]);
}else{
header("Content-Type: image/jpg");
}
$gdurl = "https://docs.google.com/uc?id=" . $gdwpm_ekst_gbr[0] . "&export=view";
@readfile($gdurl);
}
?>
我尝试过这个:
# nginx configuration location / { if ($query_string !~ "^imgid="){ rewrite ^(.*)$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 break; } }
和这个
location ~ /wp-content/uploads/gdwpm_images/index.php {
if ($args ~* "^imgid=") {
set $mid $1;
set $args '';
rewrite ^.*$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 permanent;
}
}
什么都没用,所有的图像都像
http://example.com/wp-content/uploads/gdwpm_images/0B73ed93lY08zZkXsDDkY5VFNSZjg.jpg
返回 404,正确的重写规则是什么,谢谢
编辑:服务器 Ubuntu 14.04.4 LTS(GNU/Linux 3.13.0-79-generic x86_64) nginx 版本:nginx/1.4.6(Ubuntu) PHP 5.5.9-1ubuntu4.14(fpm-fcgi) cURL 支持已启用 cURL 信息 7.35.0
#AUTOMATICALLY GENERATED - DO NO EDIT!
server {
listen *:80;
server_name example.com;
access_log /var/log/nginx/examplecom.access.log;
error_log /var/log/nginx/example.com.error.log;
root /srv/examplecom;
index index.html index.htm index.php;
# This order might seem weird - this is attempted to match last if rules below fail.
location / {
try_files $uri $uri/ /index.php?$args;
}
location /wp-content/uploads/gdwpm_images {
if ($query_string !~ "^imgid=") {
rewrite ^/(.*)$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 last;
}
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~ [^/]\.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/ajenti-v-php-fcgi-examplecom-php-fcgi-0.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
我使用 Ajenti web 面板作为我的 nginx 服务器
答案1
该index.php文件应该由不同的块处理location,因此(希望)您需要做的就是rewrite使用以下命令在该位置处理非 php 文件:
location ^~ /wp-content/uploads/gdwpm_images {
rewrite ^/(.*)$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 last;
}
然而,主要的问题是.php下面的文件/uploads/是规则明确禁止的location ~* /(?:uploads|files)/.*\.php$。
与其打开该规则并冒着上传漏洞的风险,不如移动并重命名index.php到受保护区域之外的某个地方。
EDIT2:添加^~以防止位置被块覆盖location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$。