XF 2.0 Can not access payment_callback.php


Hi Guys,

I have a problem with the Payment Provider configuration of PayPal. I want to create IPN with my PP account. But if I want to access my payment_callback.php, I get a 403 in my logs and the site isn't loading. All other PHP files work perfectly. Only the access to payment_callback.php is denied.

Access Log:

xxx:xx:xxxx:xxxx:xxx:xxx:xxxx: - - [26/Feb/2018:22:48:44 +0000] "GET /payment_callback.php HTTP/2.0" 403 234 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"

The error logs are empty. I use nginx with php7 and letsencrypt.

My nginx Conf:

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xxxxxx;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/xxxxx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxx/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/xxxxx/chain.pem;

    # enables X-Frame-Options
    add_header X-Frame-Options "SAMEORIGIN";

    # enables X-XSS-Protection
    add_header x-xss-protection "1; mode=block" always;

    # enables X-Content-Type-Options
    add_header X-Content-Type-Options "nosniff" always;

    error_log /var/log/nginx/error.log warn;

    root /var/www/xf2;
    index index.html index.htm index.php;

    if ($ssl_protocol = "") {
        return 301 https://$server_name$request_uri;
    }

    #location ^~ /data {
    #    deny all;
    #}

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    # snippet for updating letsencrypt certificates
    include snippets/certbot-webroot.conf;
}

Greets Sp4x