Re: Possible widespread PHP configuration issue - security risk

August 27, 2010 02:44PM
On Fri, Aug 27, 2010 at 11:06:00AM -0700, Michael Shadle wrote:

> Let's stop debating and start with a clean fix. It sounds like this is
> all that is needed. Anyone want to verify?
>
> php config:
> cgi.fix_pathinfo=0
>
> then just make sure nginx splits the path info for you in case your
> app needs it with fastcgi_split_path_info:
> location ~ \.php$ {
>     fastcgi_pass 127.0.0.1:11000;
>     include fastcgi_params;
>     fastcgi_split_path_info ^(.+\.php)(.*)$; # just throw this in fastcgi_params too, then!
> }
>
> Is this the right solution? Yes or no?

- location ~ \.php$ {
+ location ~ \.php {
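
Review bot: the `+` line removes the `$` anchor entirely, so the location now matches any URI that contains `.php` anywhere, including ones where the text after `.php` is not path info (a constructed case: `/notes.php5`, which the quoted `^(.+\.php)(.*)$` would split into script `/notes.php` and path info `5`). If the goal is only to let requests such as `/index.php/extra` reach this block, `location ~ \.php(/|$) {` limits the match to `.php` at the end of the URI or directly before a `/`.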

BTW, in 0.8.x you may use

location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
    fastcgi_pass 127.0.0.1:11000;
    fastcgi_param SCRIPT_FILENAME $script;
    fastcgi_param PATH_INFO $path_info;
    include fastcgi_params;
}


--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
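
The regex behaviour behind the configurations in this message, as an added example (not code from the thread or from nginx): it models only which URIs each `location` pattern selects and how the split regex divides them into script and path info. The function names and sample URIs are constructed for illustration.

```python
import re

# Patterns copied from the thread. Python spells a named group (?P<name>...)
# where nginx/PCRE accepts (?<name>...); the matching behaviour is the same.
LOC_ANCHORED = re.compile(r"\.php$")     # original location
LOC_UNANCHORED = re.compile(r"\.php")    # location after the suggested change
SPLIT = re.compile(r"^(.+\.php)(.*)$")   # fastcgi_split_path_info
LOC_NAMED = re.compile(r"^(?P<script>.+\.php)(?P<path_info>.*)$")  # 0.8.x form


def split_for(location, uri):
    """Return (script, path_info) if `location` selects `uri`, else None.

    Models only the regex step: the location regex is searched in the URI
    path (no query string), then fastcgi_split_path_info takes the script
    name and path info from its two captures.
    """
    if not location.search(uri):
        return None
    m = SPLIT.match(uri)
    # Without a split match the whole URI stays the script name.
    return (m.group(1), m.group(2)) if m else (uri, "")


def split_named(uri):
    """The same split, done by the named-capture location itself."""
    m = LOC_NAMED.match(uri)
    return (m.group("script"), m.group("path_info")) if m else None


# Constructed sample URIs, not taken from the thread.
SAMPLES = ["/index.php", "/index.php/user/5", "/a.php/b.php",
           "/notes.php5", "/style.css"]


def report():
    """One row per URI: (uri, anchored, unanchored, named-capture)."""
    return [(u, split_for(LOC_ANCHORED, u), split_for(LOC_UNANCHORED, u),
             split_named(u)) for u in SAMPLES]


if __name__ == "__main__":
    for uri, anchored, unanchored, named in report():
        print(f"{uri:20} anchored={anchored} unanchored={unanchored} named={named}")
```

The `/a.php/b.php` row shows that the greedy `.+` keeps everything up to the last `.php` as the script name, and the `/notes.php5` row shows what the unanchored pattern lets through.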