I have found a huge security hole in my nginx configuration.
If I go to the page www.mydomain.com/\ (slash and backslash at the end of my domain)... my CMS will show its config file (.php). This is my config; how should I change it so the last slash would be ignored or either say 404?
[code]
location / {
    index index.php index.html index.htm;
}
location ~ \.php$ {
    include /etc/nginx/fastcgi_php;
}
location ~* \.(gif|jpg|jpeg|png) {
    allow all;
}
location ~ /\. {
    deny all;
}
[/code]
Edited 1 time(s). Last edit at 11/14/2010 12:20PM by theberserker.