Welcome! Log In Create A New Profile

Re: Possible widespread PHP configuration issue - security risk

Forum List Message List New Topic Print View

mike

August 27, 2010 02:10PM

Registered: 15 years ago
Posts: 833

Let's stop debating and start with a clean fix. It sounds like this is
all that is needed. Anyone want to verify?

php config:
cgi.fix_pathinfo=0

then just make sure nginx splits the path info for you in case your
app needs it with fastcgi_split_path_info:
location ~ \.php$ {
fastcgi_pass 127.0.0.1:11000;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$; # just throw this in
fastcgi_params too, then!
}

Is this the right solution? Yes or no?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Re: Possible widespread PHP configuration issue - security risk	Adam Younce	August 27, 2010 02:04PM
Re: Possible widespread PHP configuration issue - security risk	mike	August 27, 2010 02:10PM
Re: Possible widespread PHP configuration issue - security risk	Igor Sysoev	August 27, 2010 02:44PM
Re: Possible widespread PHP configuration issue - security risk	mike	August 27, 2010 02:48PM
Re: Possible widespread PHP configuration issue - security risk	Igor Sysoev	August 27, 2010 02:58PM
Re: Possible widespread PHP configuration issue - security risk	mike	August 27, 2010 03:12PM
Re: Possible widespread PHP configuration issue - security risk	Ed W	August 28, 2010 06:18AM
Re: Possible widespread PHP configuration issue - security risk	mike	August 28, 2010 08:28AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 253

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018