Thursday, October 4, 2018

nginx returns 403 forbidden error on file upload

By Hường Hana 8:00 AM , , Leave a Comment

I have a php website, in codeigniter, which allows users to upload files. Upload works fine for most of files. But for few files nginx throws 403 Forbidden error. like

<html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->

This is one of the sample .rb file that fails to upload

# Sample code from Programing Ruby, page 58 string = <<END_OF_STRING     The body of the string     is the input lines up to     one ending with the same     text that followed the '<<' END_OF_STRING

If i remove '<<' from this file, upload works. Where is this filtration happening?

I have seen nginx error logs, nothing in there. I have seen codeigniter logs, nothing there. Infact upload request doesn't reach my Codeigniter controller, so must be blocked before reaching there by nginx?

Here is upload code in Javascript

function upload(file, params) {     var formData = new FormData();     formData.append("Filedata", file);     $.each(params, function(key, value) {        formData.append(key, value);      });      var xhr = new XMLHttpRequest();     var action = "/upload/file";      xhr.upload.onprogress = function(e){         // show progress with e.loaded, e.total     };      xhr.onerror = function(e) {          // handle error     };      xhr.open("POST", action, true);     xhr.send(formData); }

On server side, I have simple code for now.

if( !isset($_FILES['Filedata']) || !file_exists($_FILES['Filedata']['tmp_name']) ) {     die('File not submitted.'); } else {      // Save file code is here }

1 Answers

Answers 1

I don't have a solution, but probably related to your single quotes. Doesn't .append have it read through that file? Wouldn't it terminate on the single quote?
Essentially going: 

if( !isset($_FILES['# Sample code from Programing Ruby, page 58   string = <<END_OF_STRING       The body of the string       is the input lines up to       one ending with the same       text that followed the '
If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment