#27764 Nginx sef support

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by nicholas on Sunday, 21 May 2017 23:46 CDT

activha
 Hello

I am coming back on this topic : https://www.akeebabackup.com/support/admin-tools/Ticket/27423-nginx-homepage-index-php.html

We are moving from Apache to nginx with php-fpm

If we don't want to use SEF urls to avoid 301 redirect to index.php, how should we change the rules for joomla to work fine ?

It seems that the piece of block redirecting the index.php has some side effects on other components.

Further, if we include a secret key word for access to administrator folder, the nginx maker does not seem to take it into account.

And finally, there is a glitch in the maker when selecting the symlinks option (a single carriage return ;-) )

So if you would help us on this nginx config that would be great

Thanks
Jean

nicholas
Akeeba Staff
Manager
If we don't want to use SEF urls to avoid 301 redirect to index.php, how should we change the rules for joomla to work fine ?


I am not sure what you are asking. If you don't want to use SEF URLs with Joomla! there is nothing you need to do.

It seems that the piece of block redirecting the index.php has some side effects on other components.


If you mean what I think you mean just set "Force index.php parsing before index.html" to No and "Disable directory listings" to No. Please note that this will BREAK the expected behaviour of seeing Joomla! when you type the URL to the root of the site or the administrator page, i.e.

http://www.example.com -- will NOT work (you will see the listing of files in the directory or a blank page)
http://www.example.com/index.php -- works
http://www.example.com/administrator -- will NOT work (you will see the listing of files in the directory or a blank page)
http://www.example.com/administrator/index.php -- works

For what it's worth the line added in the NginX config (index index.php index.html index.htm;) is the standard and recommended way to tell NginX to serve PHP applications.

Further, if we include a secret key word for access to administrator folder, the nginx maker does not seem to take it into account.


If you REALLY mean the secret URL parameter, the NginX Maker has nothing to do with it. The administrator secret URL parameter is enforced by PHP code.

If you actually mean the Password Protect Administrator feature we explicitly state that it only works on Apache as it's based on .htaccess and .htpasswd files. We don't even show you this feature when you run under NginX for this reason. If you want, you can implement it manually following this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-nginx-on-ubuntu-14-04

No, we won't automate that because you would still need to edit your NginX configuration (and know where to edit it), something which cannot be automated for several technical reasons. That would make such a feature completely useless. There's no point just creating a .htpasswd file for you and having you do the difficult part of the process by hand.

And finally, there is a glitch in the maker when selecting the symlinks option (a single carriage return ;-) )


Thank you! The missing carriage return will be present in the next version of Admin Tools scheduled for tomorrow or the day after.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

activha
Thanks for the info, we had some misconfigurations for index.php in nginx rules, and that works much better now.

But I have noticed a problem with ajax requests.

With the attached nginx conf file from admin tools nginx maker, it seems that it is impossible to update joomla, we always got ajax errors.

I had to revert to joomla.org nginx config to allow update to joomla 3.7.1

It seems that ajax problems occur also with other requests but it seems hard to narrow the problem

It seems to me that some are blocked with 404 and others are blocked due to paths being added to the domain, so instead of calling domain/index.phpxxx the ajax request calls domain/pagesefdisplayedpath/index.phpxxx

looking at the code, do you have a suggestion to allow ajax requests ?

   server {
        listen       80 ;
		listen       443 ssl http2 ;
        server_name  devel.activ-ha.com;
        
        ssl_certificate /etc/ssl/certs/activ-ha.com.certchain.crt;
        ssl_certificate_key /etc/ssl/private/activ-ha.com.key;
        
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout  180m;

        ssl_prefer_server_ciphers on;
		ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
		
		ssl_dhparam /etc/nginx/cert/dhparam.pem;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		
		ssl_stapling on;
		ssl_stapling_verify on;
		ssl_trusted_certificate /etc/nginx/cert/trustchain.crt;
		resolver 8.8.8.8 8.8.4.4;
		
        access_log 	/var/log/nginx/activha.access_log;
        error_log 	/var/log/nginx/activha.error_log info;
        
        root /var/www/html;
        
		
######################################################################
## Protect against common file injection attacks
######################################################################
set $file_injection 0;
if ($query_string ~ "[a-zA-Z0-9_]=http://") {
	set $file_injection 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
	set $file_injection 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
	set $file_injection 1;
}
if ($file_injection = 1) {
	return 403;
	break;
}
######################################################################
## Disable PHP Easter Eggs
######################################################################
if ($query_string ~ "\=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}") {
	return 403;
	break;
}
######################################################################
## Block access to configuration.php-dist and htaccess.txt
######################################################################
location = /configuration.php-dist {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /htaccess.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /web.config {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /configuration.php {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /CONTRIBUTING.md {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /joomla.xml {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /LICENSE.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /phpunit.xml {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /README.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}

location = /web.config.txt {
	log_not_found off;
	access_log off;
	return 404;
	break;
}
######################################################################
## Block access from specific user agents
######################################################################
set $bad_ua 0;
if ($http_user_agent ~ "WebBandit") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "webbandit") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Acunetix") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "binlar") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "BlackWidow") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Bolt 0") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Bot mailto:[email protected]") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "BOT for JCE") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "casper") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "checkprivacy") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ChinaClaw") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "clshttp") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "cmsworldmap") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "comodo") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Custo") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Default Browser 0") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "diavol") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "DIIbot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "DISCo") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "dotbot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Download Demon") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "eCatch") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "EirGrabber") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "EmailCollector") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "EmailSiphon") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "EmailWolf") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Express WebPictures") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "extract") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ExtractorPro") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "EyeNetIE") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "feedfinder") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "FHscan") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "FlashGet") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "flicky") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "GetRight") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "GetWeb!") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Go-Ahead-Got-It") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Go!Zilla") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "grab") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "GrabNet") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Grafula") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "harvest") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "HMView") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ia_archiver") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Image Stripper") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Image Sucker") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "InterGET") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Internet Ninja") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "InternetSeer.com") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "jakarta") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Java") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "JetCar") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "JOC Web Spider") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "kmccrew") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "larbin") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "LeechFTP") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "libwww") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Mass Downloader") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Maxthon$") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "microsoft.url") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "MIDown tool") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "miner") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Mister PiX") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "NEWT") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "MSFrontPage") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Navroad") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "NearSite") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Net Vampire") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "NetAnts") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "NetSpider") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "NetZIP") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "nutch") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Octopus") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Offline Explorer") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Offline Navigator") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "PageGrabber") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Papa Foto") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "pavuk") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "pcBrowser") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "PeoplePal") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "planetwork") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "psbot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "purebot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "pycurl") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "RealDownload") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ReGet") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Rippers 0") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "SeaMonkey$") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "sitecheck.internetseer.com") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "SiteSnagger") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "skygrid") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "SmartDownload") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "sucker") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "SuperBot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "SuperHTTP") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Surfbot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "tAkeOut") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Teleport Pro") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Toata dragostea mea pentru diavola") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "turnit") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "vikspider") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "VoidEYE") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Web Image Collector") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Web Sucker") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebAuto") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebCopier") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebFetch") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebGo IS") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebLeacher") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebReaper") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebSauger") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Website eXtractor") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Website Quester") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebStripper") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebWhacker") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebZIP") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Wget") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Widow") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WWW-Mechanize") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WWWOFFLE") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Xaldon WebSpider") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Yandex") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Zeus") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "zmeu") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "CazoodleBot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "discobot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ecxi") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "GT::WWW") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "heritrix") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "HTTP::Lite") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "HTTrack") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ia_archiver") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "id-search") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "id-search.org") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "IDBot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Indy Library") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "IRLbot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ISC Systems iRc Search 2.1") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "LinksManager.com_bot") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "linkwalker") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "lwp-trivial") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "MFC_Tear_Sample") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Microsoft URL Control") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Missigua Locator") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "panscient.com") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "PECL::HTTP") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "PHPCrawl") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "PleaseCrawl") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "SBIder") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Snoopy") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Steeler") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "URI::Fetch") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "urllib") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Web Sucker") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "webalta") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WebCollage") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Wells Search II") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "WEP Search") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "zermelo") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "ZyBorg") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Indy Library") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "libwww-perl") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "Go!Zilla") {
	set $bad_ua 1;
}
if ($http_user_agent ~ "TurnitinBot") {
	set $bad_ua 1;
}
if ($bad_ua = 1) {
	return 403;
}
######################################################################
## Directory indices and no automatic directory listings
## Forces index.php to be read before the index.htm(l) files
## Also disables showing files in a directory automatically
######################################################################
index index.php index.html index.htm default.html default.htm;
######################################################################
## Set default expiration time
######################################################################
 # CSS and JavaScript : 1 week
location ~* \.(css|js)$ {
		access_log off; log_not_found off;
		expires 1w;
}

# Image files : 1 month
location ~* \.(bmp|gif|jpg|jpeg|jp2|png|svg|tif|tiff|ico|wbmp|wbxml|smil)$ {
		access_log off; log_not_found off;
		expires 1M;
}

# Font files : 1 week
location ~* \.(woff|ttf|otf|eot)$ {
		access_log off; log_not_found off;
		expires 1M;
}

# Document files : 1 month
location ~* \.(pdf|txt|xml)$ {
		access_log off; log_not_found off;
		expires 1M;
}

# Audio files : 1 month
location ~* \.(mid|midi|mp3|m4a|m4r|aif|aiff|ra|wav|voc|ogg)$ {
		access_log off; log_not_found off;
		expires 1M;
}

# Video files : 1 month
location ~* \.(swf|vrml|avi|mkv|mpg|mpeg|mp4|m4v|mov|asf)$ {
		access_log off; log_not_found off;
		expires 1M;
}			
######################################################################
## Automatic compression of static resources
## Compress text, html, javascript, css, xml and other static resources
## May kill access to your site for old versions of Internet Explorer
######################################################################
# The following is the actual automatic compression setup
gzip            on;
gzip_vary		on;
gzip_comp_level 6;
gzip_proxied	expired no-cache no-store private auth;
gzip_min_length 1000;
gzip_http_version 1.1;
gzip_types      text/plain text/css application/xhtml+xml application/xml+rss application/rss+xml application/x-javascript application/javascript text/javascript application/json text/xml application/xml image/svg+xml;
gzip_buffers    16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
## Send ETag (you have set it to 'on')
etag on;
## HSTS Header - See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
add_header Strict-Transport-Security max-age=31536000;
## Cross-Origin Resource Sharing (CORS)
add_header Access-Control-Allow-Origin "*";
add_header Timing-Allow-Origin "*";
## Disable HTTP methods TRACE and TRACK (protect against XST)
if ($request_method ~ ^(TRACE|TRACK)$ ) {
	return 405;
}
## Reduce MIME type security risks
add_header X-Content-Type-Options "nosniff";
## Reflected XSS prevention
add_header X-XSS-Protection "1; mode=block";
## Prevent content transformation
add_header Cache-Control "no-transform";
set $common_exploit 0;
if ($query_string ~ "proc/self/environ") {
	set $common_exploit 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
	set $common_exploit 1;
}
if ($query_string ~ "base64_(en|de)code\(.*\)") {
	set $common_exploit 1;
}
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
	set $common_exploit 1;
}
if ($query_string ~ "GLOBALS(=|\[|\[0-9A-Z]{0,2})") {
	set $common_exploit 1;
}
if ($query_string ~ "_REQUEST(=|\[|\[0-9A-Z]{0,2})") {
	set $common_exploit 1;
}
if ($common_exploit = 1) {
	return 403;
}        
## Enable SEF URLs
location / {
	try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
	fastcgi_pass  127.0.0.1:9000;
	fastcgi_index index.php;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include /etc/nginx/fastcgi.conf;
}
location ~* /index.php$ {
	fastcgi_pass   127.0.0.1:9000;
	break;
}
######################################################################
## Advanced server protection rules exceptions
######################################################################
location = /administrator/components/com_akeeba/restore.php {
	fastcgi_pass   127.0.0.1:9000;
	break;
}
location = /administrator/components/com_admintools/restore.php {
	fastcgi_pass   127.0.0.1:9000;
	break;
}
location = /administrator/components/com_joomlaupdate/restore.php {
	fastcgi_pass   127.0.0.1:9000;
	break;
}
location ~* ^/\.well\-known/.*\.php$
{
	break;
}
location ~* ^/\.well\-known/.*$
{
	break;
}
location ~* ^/templates\/jf_sirena/.*$
{
	break;
}
location ~* ^/templates\/ja_wall/.*$
{
	break;
}
######################################################################
## Advanced server protection
######################################################################
# Allow media files in select back-end directories
location ~* ^/administrator/(components|modules|templates|images|plugins)/.*.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT)$ {
	break;
}

# Allow access to the back-end index.php file
location ~* ^/administrator/index.php {
	fastcgi_pass   127.0.0.1:9000;
	break;
}

location ~* ^/administrator$ {
	return 301 /administrator/index.php;
}
location ~* ^/administrator/$ {
	return 301 /administrator/index.php;
}

# Disable access to everything else.
location ~* /administrator.*$ {
	# If it is a file, directory or symlink and I haven't deliberately
	# enabled access to it, forbid any access to it!
	if (-e $request_filename) {
		return 403;
	}
	# In any other case, just treat as a SEF URL
	try_files $uri $uri/ /administrator/index.php?$args;
}
##### Advanced server protection -- END

}
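
Added example (not part of the ticket, and not code from Akeeba or from the poster): a small Python model of nginx's documented location selection order (exact match, then longest prefix, then the first matching regex in file order), applied to a subset of the location blocks in the configuration above. The request URIs, including `com_example` and `/some/sef/path`, are constructed for illustration; the model ignores server-level `if` rules and internal redirects.

```python
import re

# Location blocks copied from the configuration posted above, in file order.
# Subset only: the long static-file extension lists are shortened.
# Modifiers: "=" exact, "" prefix, "~" regex, "~*" case-insensitive regex.
LOCATIONS = [
    ("=",  "/configuration.php"),
    ("~*", r"\.(css|js)$"),
    ("~*", r"\.(pdf|txt|xml)$"),
    ("",   "/"),
    ("~",  r"\.php$"),
    ("~*", r"/index.php$"),
    ("=",  "/administrator/components/com_joomlaupdate/restore.php"),
    ("~*", r"^/administrator/index.php"),
    ("~*", r"^/administrator$"),
    ("~*", r"/administrator.*$"),
]


def select_location(uri, locations=LOCATIONS):
    """Return (modifier, pattern) of the block nginx would pick for a
    normalized URI path (no query string), or None if nothing matches."""
    # 1. An exact "=" match ends the search immediately.
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return mod, pat
    # 2. Remember the longest matching prefix; "^~" suppresses regex checks.
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":
        return best
    # 3. Regex locations are tried in file order; the first match wins.
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return mod, pat
    # 4. Otherwise fall back to the longest prefix match.
    return best


def explain(uri):
    """One-line summary of which block handles the URI."""
    mod, pat = select_location(uri)
    return uri + " -> " + " ".join(p for p in ("location", mod, pat) if p)


# Constructed request paths (not taken from the ticket's logs).
SAMPLE_URIS = [
    "/some/sef/path",                    # SEF URL: falls through to "/"
    "/some/sef/path/index.php",          # claimed by ~ \.php$, not by "/"
    "/administrator/index.php",          # also claimed by ~ \.php$
    "/administrator/components/com_example/helper.php",
    "/administrator/components/com_joomlaupdate/restore.php",
    "/administrator/logs",               # reaches the /administrator.*$ block
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(explain(uri))
```

In this listing the `~ \.php$` block comes before the `/administrator` regex blocks, so any URI ending in `.php` is handled by it and neither the `try_files` fallback in `location /` nor the later `/administrator` blocks are consulted for that request.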

nicholas
Akeeba Staff
Manager
Sorry, we cannot offer server configuration troubleshooting. AJAX requests are not special in any way. They are the same kind of requests you are serving, they just happen to be sent by XMLHttpRequest. Since there is no indication of your domain name in the configuration file, just standard redirections, you may want to check how you've set up your server. All I can tell you is that on all NginX environments I have tested I have never seen such an issue.

Nicholas K. Dionysopoulos
