0

recently i change my web server from apache to nginx, my site using using wordpress and use google drive wp media plugin to store image in google drive , after i change to nginx all image suddenly post images are not Display honestly i dont know where to begin but there is .htaccess and php file on /wp-content/uploads/gdwpm_images here is the .htaccess file

RewriteEngine on RewriteBase / RewriteCond %{QUERY_STRING} !^imgid= [NC] RewriteRule ^(.*)$ wp-content/uploads/gdwpm_images/index.php?imgid=$1 [L,NC,QSA]

and here the index.php file

<?php if (isset($_GET['imgid'])){ $gdwpm_ekst_gbr = explode('.', $_GET['imgid']); if($gdwpm_ekst_gbr[1] == 'png' || $gdwpm_ekst_gbr[1] == 'gif' || $gdwpm_ekst_gbr[1] == 'bmp'){ header("Content-Type: image/" . $gdwpm_ekst_gbr[1]); }else{ header("Content-Type: image/jpg"); } $gdurl = "https://docs.google.com/uc?id=" . $gdwpm_ekst_gbr[0] . "&export=view"; @readfile($gdurl); } ?>

i tried this:

# nginx configuration location / { if ($query_string !~ "^imgid="){ rewrite ^(.*)$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 break; } }

and this

location ~ /wp-content/uploads/gdwpm_images/index.php { if ($args ~* "^imgid=") { set $mid $1; set $args ''; rewrite ^.*$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 permanent; } }

nothing works, all image like 

 http://example.com/wp-content/uploads/gdwpm_images/0B73ed93lY08zZkXsDDkY5VFNSZjg.jpg

return in 404, how is the correct rewrite rule for this thanks

edit : Server Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-79-generic x86_64) nginx version: nginx/1.4.6 (Ubuntu) PHP 5.5.9-1ubuntu4.14 (fpm-fcgi) cURL support enabled cURL Information 7.35.0 

#AUTOMATICALLY GENERATED - DO NO EDIT! server { listen *:80; server_name example.com; access_log /var/log/nginx/examplecom.access.log; error_log /var/log/nginx/example.com.error.log; root /srv/examplecom; index index.html index.htm index.php; # This order might seem weird - this is attempted to match last if rules below fail. location / { try_files $uri $uri/ /index.php?$args; } location /wp-content/uploads/gdwpm_images { if ($query_string !~ "^imgid=") { rewrite ^/(.*)$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 last; } } # Add trailing slash to */wp-admin requests. rewrite /wp-admin$ $scheme://$host$uri/ permanent; # Directives to send expires headers and turn off 404 error logging. location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { access_log off; log_not_found off; expires max; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) location ~ /\. { deny all; } # Deny access to any files with a .php extension in the uploads directory # Works in sub-directory installs and also in multisite network # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) location ~* /(?:uploads|files)/.*\.php$ { deny all; } location ~ [^/]\.php(/|$) { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_index index.php; include fcgi.conf; fastcgi_pass unix:/var/run/ajenti-v-php-fcgi-examplecom-php-fcgi-0.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } }

im using Ajenti web panel for my nginx server

Improve this question

1 Answer 1

Reset to default
1

The index.php file should be processed by a different location block, so (hopefully) all you need to do is rewrite the non-php files at that location using:

location ^~ /wp-content/uploads/gdwpm_images { rewrite ^/(.*)$ /wp-content/uploads/gdwpm_images/index.php?imgid=$1 last; }

However, the main problem is that .php files below /uploads/ are explicitly forbidden by the location ~* /(?:uploads|files)/.*\.php$ rule.

Rather than open that rule and risk upload exploits - it may be better to move and rename index.php to somewhere outside of the protected area.

EDIT2: Added ^~ to prevent the location being overridden by the location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ block.

Improve this answer
8
  • Hi thanks for your answer, i've been testing this before but still get 404 on the images Commented Mar 25, 2016 at 12:57
  • @Jason Check the access and error logs for the exact cause of the 404 response. Meanwhile update your question with the server configuration, in case that location is being overridden somewhere else. Commented Mar 25, 2016 at 13:07
  • here the error log and also i've update the server configuration, "2016/03/25 08:46:22 [error] 3283#0: *43 access forbidden by rule, client: 8.37.235.232, server: example.com, request: "GET /wp-content/uploads/gdwpm_images/0CC75fd93lY08zR1ExZ542f1ZlREE.jpg HTTP/1.1", host: "example.com" " Commented Mar 25, 2016 at 13:40
  • @Jason please update your question and add the nginx server { ... } block, so that we can see all of your location blocks. Sorry for any confusion. Commented Mar 25, 2016 at 13:43
  • no problem , i've update my question Commented Mar 25, 2016 at 14:00

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.