Access to a file is blocked

Avatar
Rob Rex

I’m trying to install a WordPress plugin, but it’s giving me this error:

Execution of the PHP file from the “/app/webpc-passthru.php” path is blocked on your server, or access to this file is blocked.

Can you tell me what might be blocking access to this file?

web:
  locations:
    "/":
      # The public directory of the app, relative to its root.
      root: "web"
      # The front-controller script to send non-static requests to.
      passthru: "/index.php"
      # Wordpress has multiple roots (wp-admin) so the following is required
      index:
        - "index.php"
      # The number of seconds whitelisted (static) content should be cached.
      expires: 600
      scripts: true
      allow: true
      rules:
        ^/composer\.json:
          allow: false
        ^/license\.txt$:
          allow: false
        ^/readme\.html$:
          allow: false
        ^\/app\/uploads\/(?<path>.+)\.webp$: # What do we do when a .webp file is requested?
          allow: false # DO NOT look for it in the /app/uploads directory
          passthru: '/app/uploads-webpc/uploads/$path.webp' # Instead, Look for the file in /app/uploads-webpc
    "/app/uploads-webpc": # What do we do when a URL requested to /app/uploads-webpc is made?
        allow: true # Allow any file in this directory to be viewed
        scripts: false # Do not allow scripts to run
        rules:
          ^\/app\/uploads\/(?<path>.+)\.webp$: # What do we do when a .webp file is requested?
            allow: true # Try to loaded it if it exists
            passthru: '/app/uploads/$path' # If it is not found, check for the original version in /app/uploads
    "/wp/wp-content/cache":
      root: "web/app/cache"
      scripts: false
      allow: false
    "/wp/wp-content/uploads":
      root: "web/app/uploads"
      scripts: false
      allow: false
      rules:
        # Allow access to common static files.
        ? '(?<!\-lock)\.(?i:jpe?g|gif|png|avif|webp|svg|bmp|ico|css|js(?:on)?|eot|ttf|woff|woff2|pdf|docx?|xlsx?|pp[st]x?|psd|odt|key|mp[2-5g]|m4[av]|og[gv]|wav|mov|wm[av]|avi|3g[p2])$'
        : allow: true
          expires: 1w
0

Comments

4 comments
Date Votes
  • Avatar
    Paul Gilzow

    i’m going to make some assumptions based on what you’ve included. If any of those assumptions are incorrect, please let me know.

    It looks like you have your web root set to /app/web/ and webpc-passthru.php is stored in the directory above (ie /app/webpc-passthru.php). The file should be includable but unless you have a location defined for it, it wont be accessible from the web.

    I’ve not used this plugin before but I’m surprised it would want to place one of its files above the webroot. :puzzled: Is the /app/webpc-passthru.php it’s referencing the physical path or the URI?

    0
  • Avatar
    Rob Rex

    I believe it’s trying to reach the file at https://mywebsite.com/app/webpc-passthru.php

    Thanks for your help!

    0
  • Avatar
    Rob Rex
    (Edited )

    Here is the screenshot of the error returned by the plugin. I'd love it if you could help me resolve this.

    0
  • Avatar
    Paul Gilzow
    (Edited )

    based on this:

    "/wp/wp-content/uploads":
  root: "web/app/uploads"

    from your file above, your web root is web. and you're exposing the *server* directory ./web/app/uploads to the world as /wp/wp-content/uploads

    Since you also have 

    "/wp/wp-content/cache":
  root: “web/app/cache”

    as a location, you could instead combine those into:

    "/wp/wp-content":
  root: "web/app"

    if the file webpc-passthru.php is physically (ie the server path) located at ./web/app/webpc-passthru.php then it will be exposed to the world as https://site-domain/wp/wp-content/webpc-passthru.php

     

    0

Please sign in to leave a comment.

 

Didn't find what you were looking for?

New post