Forwarded to devs Apache/nginx directives not working anymore?!

[Azurel]

User name: Azurel

TITLE

Apache/nginx directives not working anymore?!

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 8.2.2004, Plesk Obsidian Version 18.0.29 Update #3

PROBLEM DESCRIPTION

Before migrate to new server, this should all working fine. Now, here is nothing really working.


#1
I have in one subdomain disabled nginx static file processing
See Image

All requests continue to go through nginx, not apache. access_ssl_log is always 0 Byte!


#2
In apache this is not working

<LocationMatch "^/images/">
Order allow,deny
Deny from all
</LocationMatch>

I have still access to image files in "images" folder.


#3
I have enabled static file processing for nginx and this is not working

location ~* ^/images/ {
deny all;
}

Set "deny all;" in "Additional nginx directives" stops all requests. So this is working! So why its not working with location?


#4
Set custom expire for only css- and js-files not working

location ~* ^/(.*\.(css|js))$ {
expires 30d;
add_header Cache-Control "public";
}

In request header there is no caching. Here too, location is not working.

Whats happened here?!

STEPS TO REPRODUCE

See description

ACTUAL RESULT

See description

EXPECTED RESULT

See description

ANY ADDITIONAL INFORMATION

I have changed on new server this

Removing the X-Powered-By header => How to remove/modify any header for all websites hosted in Plesk for Linux?

Enable server-wide gzip compression using SSH connection => How to enable gzip compression in Apache on Plesk server?

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[Azurel]

Here a example for a another domain

now call https://www.example.com/images/test.webp

Result: I can see that image

/var/www/vhosts/system/example.com/conf/vhost_nginx.conf have the correct code.

UPDATE:
This is not working too

location ~* \.webp$ {
deny all;
return 403;
}

 

[IgorG]

From developer:

All requests continue to go through nginx, not apache. access_ssl_log is always 0 Byte!

Smart static files processing
If turned off, Apache will process all requests for static files. nginx will only pass requests and responses without modification.

Indeed, all requests go through nginx as explained in the option hint. access_ssl_log is non-empty and contains logs from Apache.

In apache this is not working ... I have still access to image files in "images" folder.

Make sure to put the directives into both "Additional directives for HTTP" and "Additional directives for HTTPS" of the subdomain. This results in HTTP 403 when attempting to access files in the images folder.

I have enabled static file processing for nginx and this is not working ... So why its not working with location?

With "Smart static files processing" on and "Serve static files directly by nginx" off this works as expected in both cases.

Set custom expire for only css- and js-files not working ... In request header there is no caching. Here too, location is not working.

Again, works as expected. The following headers are returned:

Cache-Control: max-age=2592000

Cache-Control: public

All listed cases work as expected. No issues found.

Note that in the 3rd (and 4th) case if "Serve static files directly by nginx" is on, Plesk adds

location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff2|xls|xlsx|zip|webp))$ {

try_files $uri @fallback;

}

to the configuration before the "Additional nginx directives" (which are included with include "/var/www/vhosts/system/<domain>/conf/vhost_nginx.conf".

From nginx documentation:

regular expressions are checked, in the order of their appearance in the configuration file. The search of regular expressions terminates on the first match, and the corresponding configuration is used.

This means that if URL matches the first location (i.e. is a static file), then the second location as in the report will not be reached and used. Therefore the customer might have observed "non-working" additional nginx directives.

This behavior is intentional and is not a bug.

 

[Azurel]

Okay, Now I understand, because in /var/www/vhosts/system/example.com/conf/nginx.conf there are this lines before include my "Additional nginx directives"

location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|.............|xls|xlsx|zip|webp))$ {
try_files $uri @fallback;
}

include "/var/www/vhosts/system/example.com/conf/vhost_nginx.conf";

This skip all location commands in my nginx settings.

So I must uncheck "Serve static files directly by nginx" and add in "Additional nginx directives" this code and this will work

location ~* ^/(.*\.(css|js|jpeg|jpg|png|gif|webp|ttf|ttc|otf|eot|woff|woff2|font.css))$ {
try_files $uri @fallback;

expires 30d;
add_header Cache-Control "public";

location ~ ^/forbidden-folder/ {
deny all;
return 404;
}
}

Many thanks!

Maybe you should add a link to a support ticket here at "Additional nginx directives", which explains that the "location"-command does not work with this. Because this is something that is only noticed after weeks and can be a security problem.

Why is it location ~ (case-sensitiv) and not location ~* (case-insensitiv)? There are file-extensions that not only lowercase.