I am consistently getting following errors in error.log
2016/02/15 11:54:21 [error] 25085#0: *42344 access forbidden by rule, client: 122.252.249.67, server: example.com, request: "GET /wp-content/uploads/sp-resources/forum-themes/reboot/styles/reboot.php?overlay=chrome&theme=reboot&device=desktop&site=1&ver=4.4.2 HTTP/1.1", host: "example.com", referrer: "http://example.com/index.php/forum/"
I am unable to locate, which rule is denying the access.
/etc/nginx/common/locations.conf
# NGINX CONFIGURATION FOR COMMON LOCATION
# DO NOT MODIFY, ALL CHANGES LOST AFTER UPDATE EasyEngine (ee)
# Basic locations files
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
access_log off;
log_not_found off;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires max;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.well-known {
allow all;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny backup extensions & log files
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
deny all;
access_log off;
log_not_found off;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
return 403;
}
# Status pages
location /nginx_status {
stub_status on;
access_log off;
include common/acl.conf;
}
location ~ ^/(status|ping) {
include fastcgi_params;
fastcgi_pass php;
include common/acl.conf;
}
# EasyEngine (ee) utilities
# phpMyAdmin settings
location /pma {
return 301 https://$host:22222/db/pma;
}
location /phpMyAdmin {
return 301 https://$host:22222/db/pma;
}
location /phpmyadmin {
return 301 https://$host:22222/db/pma;
}
location /phpmyadmin {
return 301 https://$host:22222/db/pma;
}
# Adminer settings
location /adminer {
return 301 https://$host:22222/db/adminer;
}
/etc/nginx/sites-available/example.com
server {
# Uncomment the following line for domain mapping
# listen 80 default_server;
server_name example.com *.example.com;
# Uncomment the following line for domain mapping
#server_name_in_redirect off;
access_log /var/log/nginx/example.com.access.log rt_cache;
error_log /var/log/nginx/example.com.in.error.log;
root /var/www/example.com/htdocs;
index index.php index.html index.htm;
include common/wpfc.conf;
include common/wpsubdir.conf;
include common/wpcommon.conf;
include common/locations.conf;
include /var/www/example.com/conf/nginx/*.conf;
}
/etc/nginx/sites-enabled/example.com
server {
# Uncomment the following line for domain mapping
# listen 80 default_server;
server_name example.com *.example.com;
# Uncomment the following line for domain mapping
#server_name_in_redirect off;
access_log /var/log/nginx/example.com.access.log rt_cache;
error_log /var/log/nginx/example.com.error.log;
root /var/www/example.com/htdocs;
index index.php index.html index.htm;
include common/wpfc.conf;
include common/wpsubdir.conf;
include common/wpcommon.conf;
include common/locations.conf;
include /var/www/example.com/conf/nginx/*.conf;
}
Additional information: I am using SimplePress on WordPress. I have installed WordPress using easyengine.
Best Answer
If you can't work it out by what you know, work it out by trial and error. Take out the includes one by one, if one of them does it, take out parts of the included file that's the problem. If it's not an included file take out location blocks until it works, or something interesting happens. A process of elimination.
The problem was in a block inside /etc/nginx/common/wpcommon.conf