Re: Protect against php files being send as static files

Ian Hobson
March 06, 2019 07:02AM
On 05/03/2019 11:50, Olaf van der Spek wrote:
> Hi,
>
> Is there a way to protect against php files being sent as static files /
> source due to some php specific configuration being missed (by accident)?
> Another web server has this by default: static-file.exclude-extensions = (
> ".php", ".pl", ".fcgi" )
Hi,

I think you need the zero day exploit defence.

If you place your php files outside the main root directory, and
then do something like this

    server {
        # .....

        # Static files are served from here; no PHP source lives in this tree.
        root /location/of/static/files;

        location ~ \.php {
            root /location/of/php/files;
            # Zero-day exploit defence, see
            # http://forumm.nginx.org/read.php?2,88846,page 3
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include /etc/nginx/fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_pass 127.0.0.1:9000;
        }
    }

Then you should be OK.

There is actually no need to move php files to a new root.

Regards

Ian

--
Ian Hobson
Tel (+351) 910 418 473
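
A deploy-time check for the split-root layout described in the post above, as an added example that is not part of the original post or of nginx: it walks the static root and reports any file carrying one of the extensions from the quoted static-file.exclude-extensions line, since nginx would send such a file as source if the PHP location block were ever missing. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions from the static-file.exclude-extensions line quoted in the thread.
EXCLUDED = (".php", ".pl", ".fcgi")


def audit_static_root(static_root, excluded=EXCLUDED):
    """Return files under static_root that would be sent as source if the
    PHP location block were missing. Paths are relative, '/'-separated."""
    hits, seen = [], set()
    for dirpath, dirnames, filenames in os.walk(static_root, followlinks=True):
        real = os.path.realpath(dirpath)
        if real in seen:  # symlink loop, or a directory reached a second time
            dirnames[:] = []
            continue
        seen.add(real)
        for name in filenames:
            # nginx's "~ \.php" match is case-sensitive, so INFO.PHP would
            # bypass the location block; compare in lower case to catch it.
            if name.lower().endswith(excluded):
                rel = os.path.relpath(os.path.join(dirpath, name), static_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed tree (not from the thread) and audit it."""
    with tempfile.TemporaryDirectory() as top:
        static = os.path.join(top, "static")
        php = os.path.join(top, "php")
        os.makedirs(os.path.join(static, "css"))
        os.makedirs(php)
        for rel in ("index.html", "css/site.css", "css/INFO.PHP", "old.pl"):
            open(os.path.join(static, rel), "w").close()
        open(os.path.join(php, "index.php"), "w").close()
        # A symlinked directory pulls the PHP root back into the static tree.
        os.symlink(php, os.path.join(static, "app"))
        # A symlink loop must not hang the walk.
        os.symlink(static, os.path.join(static, "css", "loop"))
        return audit_static_root(static)


if __name__ == "__main__":
    print(demo())
```

An empty result from audit_static_root means the static tree holds nothing that the PHP location block is the only protection for.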