Welcome! Log In Create A New Profile

Re: Possible widespread PHP configuration issue - security risk

This forum is currently read only. You can not log in or make any changes. This is a temporary situation.

Forum List Message List New Topic Print View

Igor Sysoev

August 27, 2010 02:58PM

Admin
Registered: 15 years ago
Posts: 4,579

On Fri, Aug 27, 2010 at 11:41:38AM -0700, Michael Shadle wrote:

> On Fri, Aug 27, 2010 at 11:39 AM, Igor Sysoev <igor@sysoev.ru> wrote:
>
> > location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
> > fastcgi_pass 127.0.0.1:11000;
> > fastcgi_param SCRIPT_FILENAME $script;
>
> Doesn't this typically have the $document_root$fastcgi_script_name -
> so the full system path?

You are right:

fastcgi_param SCRIPT_FILENAME /path/to/files$script;

or

fastcgi_param SCRIPT_FILENAME $document_root$script;

> Thanks for the pointers, though.
>
> I will begin adopting this style once I check it quick and pushing it
> on everyone I know...

This way saves one regex execution.
BTW, it's better for perfomance and configuration maintenance reasons
to isolate regex locaitons inside static ones as Maxim has shown:

location / {
location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
...
}
...
}

location /dir1/ {
...
}

location /dir2/ {
location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
...
}
...
}

--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Re: Possible widespread PHP configuration issue - security risk	Adam Younce	August 27, 2010 02:04PM
Re: Possible widespread PHP configuration issue - security risk	mike	August 27, 2010 02:10PM
Re: Possible widespread PHP configuration issue - security risk	Igor Sysoev	August 27, 2010 02:44PM
Re: Possible widespread PHP configuration issue - security risk	mike	August 27, 2010 02:48PM
Re: Possible widespread PHP configuration issue - security risk	Igor Sysoev	August 27, 2010 02:58PM
Re: Possible widespread PHP configuration issue - security risk	mike	August 27, 2010 03:12PM
Re: Possible widespread PHP configuration issue - security risk	Ed W	August 28, 2010 06:18AM
Re: Possible widespread PHP configuration issue - security risk	mike	August 28, 2010 08:28AM

Online Users

Guests: 311

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 500 on July 15, 2024