July 21, 2024 09:27AM
Hello.

I am running Nginx with PHP-FPM. PHP-FPM has its own configuration external to Nginx, including a global `php.conf` and `www.conf`.

I am aware that the PHP-FPM configuration can be overridden / modified at a per-directory level under the Nginx root with a `php.ini` file. A recent server compromise involved these extra `php.ini` files to change the configuration against my preferences.

Ideally, I would like to configure a way for Nginx to essentially block access to these `php.ini` files so they are not passed internally to PHP-FPM for processing.

This may be a question for the PHP-FPM folks, you're my first port of call.

Thank you, and best wishes.
Subject Author Posted

Deny processing of `php.ini` files for PHP-FPM

petecooper July 21, 2024 09:27AM

Re: Deny processing of `php.ini` files for PHP-FPM

itpp2012 July 21, 2024 01:07PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 117
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready