Azure PHP8 exposing php code

My website runs fine, but when I add ".PHP" in uppercase to my URL, e.g. www.example.com/test.PHP, my PHP code is exposed in the website source code.

I'm running PHP8 on Azure.

My NGINX config is as follows:

server {
#proxy_cache cache;
#proxy_cache_valid 200 1s;
listen 8080;
listen [::]:8080;
root /home/site/wwwroot;
index  index.php;
server_name  example.net www.example.net; 
port_in_redirect off;

default_type text/html;

location / {
    try_files $uri $uri/ @ext;
}

location ~ \/\.php {
    rewrite "^(.*)\/.php" $1.php last;
}

location @ext {
    rewrite "^(.*)$" $1.php;
}

location ~ \/\.php {
    deny all;
    access_log off;
    log_not_found off;
}

error_page 403 404  /error.php;

location ~ \.php$ {
    fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
    fastcgi_pass 127.0.0.1:9000;
    include fastcgi_params;
    fastcgi_param HTTP_PROXY "";
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_intercept_errors on;
    fastcgi_connect_timeout         300; 
    fastcgi_send_timeout           3600; 
    fastcgi_read_timeout           3600;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
}
}

Can't think for the life of me on how to resolve this issue.

UPDATE:

Added the below, which now redirects it to an error page:

  location ~ \.PHP$ {
    deny all;
    access_log off;
    log_not_found off;
  } 

Massimo:
It looks like this is caused by the nginx configuration being case sensitive; file endings in ".PHP" are not recognized as PHP files and are thus not handled by the PHP interpreter.
Max Thorley:
Is there a way to disable this or rewrite it to lower case? Or redirect to an error page if .PHP is entered?
Max Thorley:
I added `location ~ \.PHP$ { deny all; access_log off; log_not_found off; }` and got it to redirect to an error page instead.
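
Added example, not part of the original thread: a simplified Python model of how nginx selects a location for the config above (regex locations in file order, first match wins, otherwise the prefix location `/`), used to check which `.php` spellings never reach the PHP handler. The handler labels, the sample URIs and the `HARDENED` variant with a case-insensitive `~*` deny block are assumptions made for illustration.

```python
import re

# Simplified model of nginx location selection for the config in the question:
# regex locations are tried in file order, the first match wins, and a request
# matching none of them falls back to the prefix location "/".
# "~" is a case-sensitive regex match, "~*" is case-insensitive.

def build(locations):
    """Compile (modifier, pattern, handler) triples the way nginx treats them."""
    return [(re.compile(p, re.IGNORECASE if m == "~*" else 0), h)
            for m, p, h in locations]

def route(compiled, uri):
    """Return the handler label of the location that would take this URI."""
    for rx, handler in compiled:
        if rx.search(uri):
            return handler
    return "static"  # location /: try_files only, the request never reaches PHP

# Regex locations from the question, in file order.
ORIGINAL = build([("~", r"\/\.php", "rewrite"),
                  ("~", r"\.php$", "fastcgi")])
# The asker's update: one extra case-sensitive block for the upper-case spelling.
UPDATED = build([("~", r"\/\.php", "rewrite"),
                 ("~", r"\.PHP$", "deny"),
                 ("~", r"\.php$", "fastcgi")])
# Assumed variant (not from the thread): lower-case goes to PHP first, then a
# case-insensitive deny catches every other spelling of the extension.
HARDENED = build([("~", r"\/\.php", "rewrite"),
                  ("~", r"\.php$", "fastcgi"),
                  ("~*", r"\.php$", "deny")])

# Constructed sample URIs.
SAMPLES = ["/test.php", "/test.PHP", "/test.Php", "/test.pHP", "/style.css"]

def static_php(compiled, uris=SAMPLES):
    """URIs with a .php extension in any case that fall through to location /."""
    return [u for u in uris
            if u.lower().endswith(".php") and route(compiled, u) == "static"]

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("updated", UPDATED),
                      ("hardened", HARDENED)]:
        print(f"{name:9} .php URIs handled as static files: {static_php(cfg)}")
```

In this model the case-sensitive `\.PHP$` block covers only the all-upper-case spelling, while the `~*` block placed after the PHP handler covers every other casing without affecting normal `.php` requests.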