Hi, all.
Sorry my foor English. :)
I have found out a security hole in my nginx webserver.
if an attacker upload the malicious php code to image directory, it wil excuted.
How can I remove execution permission for php such as apache example?
<DirectoryMatch "/home/userid/public_html/images/">
AddType application/x-httpd-php3-source .phps .php .ph .php3 .cgi .sh .pl .html .htm .shtml .vbs .ins .php4
AddType application/x-httpd-php-source .phps .php .ph .php3 .cgi .sh .pl .html .htm .shtml .vbs .ins .php4
<Files ~ ".*\.ph$">
Order allow,deny
Deny from all
</Files>
</DirectoryMatch>
thank you.