XF 2.0 Can not access payment_callback.php

Sp4x

Member
Hi Guys,

I have a problem with the Payment Provider configuration of Paypal. I want to create IPN with my PP Account. But if i want to access my payment_callback.php i get an 403 in my logs and the site isn't loading. All other php files works perfectly. Only the access to payment_callback.php is denied.

Access Log:

Code:
xxx:xx:xxxx:xxxx:xxx:xxx:xxxx: - - [26/Feb/2018:22:48:44 +0000] "GET /payment_callback.php HTTP/2.0" 403 234 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
The error logs are empty. I use nginx with php7 and letsencrypt.

My nginx Conf:

Code:
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xxxxxx

    ssl on;
    ssl_certificate /etc/letsencrypt/live/xxxxx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxx/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/xxxxx/chain.pem;
    resolver 208.67.222.222;

    #aktiviert X-Frame-Options
    add_header X-Frame-Options "SAMEORIGIN";

    #aktiviert X-XSS-Protection
    add_header x-xss-protection "1; mode=block" always;

    #aktiviert X-Content-Type-Options
    add_header X-Content-Type-Options "nosniff" always;

    #Logging
    error_log /var/log/nginx/error.log warn;

    root /var/www/xf2;
    index index.html index.htm index.php;

    if ($ssl_protocol = "") {
        return 301 https://$server_name$request_uri;
    }

    #location ^~ /data {
    #    deny all;
    #}

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;

    }

    # snippet for updating letsencrypt certificates
         include snippets/certbot-webroot.conf;

}
Greets Sp4x
 
Top