serving PHP huge security hole

Posted by theberserker 
serving PHP huge security hole
November 14, 2010 12:19PM
I have found a huge security hole in my nginx configuration.
If I go to the page www.mydomain.com/\ (slash and backslash at the end of my domain)... my CMS will show its config file (.php). This is my config; how should I change it so the last slash would be ignored, or either say 404?

[code]
location / {
    index index.php index.html index.htm;
}

location ~ \.php$ {
    include /etc/nginx/fastcgi_php;
}

location ~* \.(gif|jpg|jpeg|png) {
    allow all;
}

location ~ /\. {
    deny all;
}
[/code]



Edited 1 time(s). Last edit at 11/14/2010 12:20PM by theberserker.
Re: serving PHP huge security hole
November 14, 2010 12:25PM
After checking the application folder, I found an actual "\" file located in the root directory, and it was a copy of a config file. No idea how it could appear there; it must have been my clumsiness when copying. However, the problem is solved.
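
The cause found in this thread, a copy of a PHP config file whose name does not end in `.php`, can be checked for across a whole web root. The script below is an added example, not part of the original posts: it mirrors the posted `location` rules to list files that would be served as plain text although they contain PHP source. The function names, the sample tree and the `config.php.bak` leftover are constructed for illustration, and it goes slightly beyond the single `\` file to catch any such leftover.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find PHP source that the posted
# nginx config would serve as static text instead of passing to FastCGI.

# find_exposed_php DOCROOT
# Prints, one per line and relative to DOCROOT, every regular file that
#   - does not end in ".php"  (never matched by "location ~ \.php$")
#   - has no path component starting with "."  (those hit "location ~ /\.")
#   - contains a PHP open tag "<?php"
find_exposed_php() {
    local docroot=$1
    (
        cd "$docroot" || exit 2
        find . -type f ! -name '*.php' ! -path '*/.*' \
            -exec grep -lI -F -e '<?php' -- {} + \
            | sed 's|^\./||' | LC_ALL=C sort
    )
}

# make_sample_docroot
# Builds a constructed web root resembling the one in the thread and
# prints its path. All file contents are sample data.
make_sample_docroot() {
    local d
    d=$(mktemp -d) || return 1
    printf '<?php $db_pass = "constructed-sample"; ?>\n' > "$d/config.php"
    cp "$d/config.php" "$d/\\"               # stray copy named "\"
    cp "$d/config.php" "$d/config.php.bak"   # constructed second leftover
    printf '<html></html>\n' > "$d/index.html"
    mkdir "$d/.git" && cp "$d/config.php" "$d/.git/stash"  # denied by /\.
    printf '%s\n' "$d"
}

# Usage: find_exposed_php /path/to/webroot
```

On the sample tree this reports `\` and `config.php.bak`; `config.php` itself and anything under a dot-directory are not reported because the posted rules already route or deny them.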