Urls with a php extension cause an error instead of a 404

When you visit a missing url with a php extension it creates an nginx error and shows No input file specified.. The errors logs show:

FastCGI sent in stderr: "Unable to open primary script: /home/forge/example.com/current/public/1.php (No such file or directory)" while reading response header from upstream, client: 99.243.66.152, server: www.example.com, request: "GET /1.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "www.example.com"

This occurs on the forge website itself as well so its not a configuration issue on my end. Just wondering why this is the case. I am finding that bots that are trolling my site for login pages such as wp-login.php are creating tons of errors in the logs.

Example: https://forge.laravel.com/idontexist.php

Cronix

8 years ago

Level 67

I'm not an nginx expert, but Im pretty sure it has to do with these lines in the nginx config for a site that Forge generates:

location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

Really I wouldn't worry about it though, as long as you don't have links that contain blah.php in your code. They're making URLs up. Those are probably malicious bots looking for an insecure wordpress install. Legit bots (google, bing, etc) won't go trying to crawl urls that aren't present in your html.

Please or to participate in this conversation.