Nginx returns 403 Forbidden. I have been searching Google for 3 days without solving it, so I am asking here for help.

Environment: centos7+openresty+csf Firewall + php7

The problem: both HTTP and HTTPS pages display normally, but after refreshing any page more than 5 times within about 5 seconds, a 403 Forbidden appears. Refreshing again about 10 seconds later makes the page accessible again.

Here are my error.log and nginx.conf:

2018/09/05 02:46:56 [notice] 22581#22581: *3260 "^(.*)" matches "/robots.txt", client: 162.158.107.13, server: 19.162.19.38, request: "GET /robots.txt HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:46:56 [notice] 22581#22581: *3260 rewritten redirect: "https://www.mydomain.com/robots.txt", client: 162.158.107.13, server: 19.162.19.38, request: "GET /robots.txt HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:46:57 [notice] 22581#22581: *3262 "^(.*)" matches "/", client: 108.162.245.124, server: 19.162.19.38, request: "GET /?/category-22__is_recommend-1 HTTP/1.1", host: "www.mydomains.com"

2018/09/05 02:46:57 [notice] 22581#22581: *3262 rewritten redirect: "https://www.mydomain.com/?/category-22__is_recommend-1", client: 108.162.245.124, server: 39.12.21.38, request: "GET /?/category-22__is_recommend-1 HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:50:03 [error] 22581#22581: *3265 open() "/usr/local/openresty/nginx/html/crond/run/1535740897" width="1" height="1" />" failed (2: No such file or directory), client: 119.162.19.388, server: www.mydomain.com, request: "GET /crond/run/1535740897%22%20width%3D%221%22%20height%3D%221%22%20/%3E HTTP/1.1", host: "mydomain.com"

2018/09/05 02:51:28 [error] 22581#22581: *3272 open() "/usr/local/openresty/nginx/html/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 173.245.48.63, server: www.mydomain.com, request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:51:29 [error] 22581#22581: *3273 open() "/usr/local/openresty/nginx/html/apple-touch-icon.png" failed (2: No such file or directory), client: 162.158.58.159, server: www.mydomain.com, request: "GET /apple-touch-icon.png HTTP/1.1", host: "www.mydomain.com"

2018/09/05 02:53:11 [error] 22581#22581: *3295 open() "/usr/local/openresty/nginx/html/favicon.ico" failed (2: No such file or directory), client: 172.69.33.113, server: www.mydomain.com, request: "GET /favicon.ico HTTP/1.1", host: "www.mydomain.com", referrer: "https://www.mydomain.com/?/"

nginx.conf file:

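# Main (process-level) settings.
#
# Account the worker processes run as. Workers parse every client request and
# also execute the Lua WAF code loaded in the http block, so they should not
# run as root: a flaw anywhere in request handling would otherwise yield full
# control of the host. `nobody` is nginx's stock default; the document root
# must be readable by this account.
user nobody;

worker_processes 1;

#error_log logs/error.log;

# debug level is very verbose and needs a --with-debug build to be fully
# effective; keep it while troubleshooting and drop back to the default after.
error_log logs/error.log debug;

#error_log logs/error.log info;

pid logs/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}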

http {

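# http-level defaults shared by every server block below.
include       mime.types;

default_type  application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';

# The access log is commented out here; with it enabled, the status column
# shows exactly which requests were answered with 403.
#access_log  logs/access.log  main;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

client_max_body_size 8m;    # largest request body nginx will accept
client_body_buffer_size 2m;  # in-memory buffer for request bodies

# Buffers and timeouts (seconds) for responses coming back from PHP over FastCGI.
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;

gzip  on;

# WAF
#
# access_by_lua_file is declared at http level, so the Lua access handler runs
# for every request in every server block that does not override it.
# NOTE(review): the shared dict named `limit` is presumably the WAF's
# per-client request counter -- confirm in the WAF configuration under
# conf/waf/. A 403 that appears only after several rapid refreshes and clears
# a few seconds later fits a rate limit in this layer better than a file
# permission problem, so check the WAF's rate-limit settings first.
# NOTE(review): the client addresses in the posted error.log look like CDN
# edge addresses (Cloudflare ranges). If the site sits behind a CDN, a
# per-address limiter counts all visitors behind one edge node as a single
# client unless the real client address is restored first (realip module:
# set_real_ip_from / real_ip_header) -- confirm.
lua_shared_dict limit 50m;
lua_shared_dict guard_dict 100m;
lua_shared_dict dict_captcha 70m;
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";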





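# Plain-HTTP server: exists only to redirect clients to HTTPS.
server {
    listen       80;
    listen       [::]:80 ipv6only=on default_server;
    server_name  39.2.19.38;

    # Send every plain-HTTP request to HTTPS. `return` does this without
    # running a regex on each request; $request_uri carries the original path
    # and query string.
    # NOTE: $host is taken from the client's Host header, so the redirect
    # target is whatever name the client sent. Use a fixed host name here if
    # only one site is served.
    return 301 https://$host$request_uri;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    # The locations below are never reached while the unconditional redirect
    # above is in place; they are kept as in the original configuration.
    location / {
        root   html;
        index  index.php index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           html;
        # Answer 404 from nginx unless the requested .php file really exists,
        # so arbitrary paths that merely end in ".php" are never handed to PHP.
        try_files      $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}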


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}


# HTTPS server
#
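# HTTPS site: static files, phpMyAdmin and PHP via FastCGI on 127.0.0.1:9000.
server {
    listen       443 ssl http2;
    server_name  www.mydomain.com;

    charset  utf-8;
    default_type  text/plain;

    # `ssl on;` was dropped: the `ssl` flag on the listen line already enables
    # TLS for this socket, and the standalone directive is deprecated in newer
    # nginx releases.

    # Relative paths are resolved against the nginx configuration directory.
    ssl_certificate       1_www.mydomain.com_bundle.crt;
    ssl_certificate_key   2_www.mydomain.com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered here.
    # Add TLSv1.3 to this list if the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers  on;

    location / {
        root   html;
        index  index.html index.htm index.php;
    }

    # phpMyAdmin scripts, served from /usr/share/phpMyAdmin/.
    # The `if` copies the part of the script name after /phpmyadmin/ into a
    # variable that is then used to build SCRIPT_FILENAME.
    # NOTE(review): as written, this database admin interface is reachable by
    # anyone who can reach the site. Consider limiting the location to known
    # administrator addresses (allow/deny) or putting extra authentication in
    # front of it.
    location ~ /phpmyadmin/.+\.php$ {
        if ($fastcgi_script_name ~ /phpmyadmin/(.+\.php.*)$) {
            set $valid_fastcgi_script_name $1;
        }
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin/$valid_fastcgi_script_name;
    }

    location ~ \.php$ {
        # Answer 404 from nginx unless the requested .php file really exists
        # under the document root, so arbitrary paths that merely end in
        # ".php" are never handed to the PHP interpreter.
        try_files      $uri =404;
        # PHP FastCGI backend.
        fastcgi_pass   127.0.0.1:9000;
        # File name appended when the request URI ends with a slash.
        fastcgi_index  index.php;
        # Absolute path of the script the backend should execute.
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        # Remaining standard FastCGI parameters.
        include        fastcgi_params;
    }

}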
}
Jul.03,2021

The error messages are incomplete: the log only shows that some files could not be found. However, the error must be caused by a permission problem. Check which identities nginx, the PHP FastCGI process and the other services run as, and check the firewall policies and the applicable file access permissions.
As a test, first listen only on 127.0.0.1, turn off the firewall, and set all file permissions to 777. If there is an apache user in /etc/passwd (check with vi /etc/passwd), try running as apache to see whether that works. Treat these as temporary diagnostic steps only: re-enable the firewall and restore the original file permissions once the cause has been found.


Since you cannot manage it, it would be better to remove this feature;
otherwise many more problems will be waiting for you.
