Forum List Message List New Topic Print View

Igor Sysoev

May 22, 2010 06:12AM

Admin
Registered: 15 years ago
Posts: 4,579

On Sat, May 22, 2010 at 05:43:11AM -0400, Ian M. Evans wrote:

> On 5/22/2010 3:54 AM, Igor Sysoev wrote:
> > On Sat, May 22, 2010 at 02:56:02AM -0400, Ian Evans wrote:
> >
> >>
> >> On Sat, May 22, 2010 1:27 am, Igor Sysoev wrote:
> >>> On Sat, May 22, 2010 at 01:24:02AM -0400, Ian M. Evans wrote:
> >>>
> >>>> On 5/21/2010 5:17 PM, Igor Sysoev wrote:
> >>>>> On Fri, May 21, 2010 at 04:50:26PM -0400, Ian Evans wrote:
> >>>>>
> >>>>>>
> >>>>>> On Fri, May 21, 2010 4:39 pm, Igor Sysoev wrote:
> >>>>>>> On Fri, May 21, 2010 at 03:04:18PM -0400, Ian M. Evans wrote:
> >>>>>>>
> >>>>>>>> On 5/21/2010 2:36 PM, Igor Sysoev wrote:
> >>>>>>>>> On Fri, May 21, 2010 at 02:26:31PM -0400, Ian Evans wrote:
> >>>>>>>>>
> >>>>>>>>>> Is this situation only pertaining to sites that allow uploads
> >>>> from
> >>>>>>>> forms?
> >>>>>>>>>>
> >>>>>>>>>> Going way back to this thread
> >>>>>>>>>> (http://www.ruby-forum.com/topic/145358#645652) in '08, I needed
> >>>>>>>>>> cgi.fix-pathinfo=1 to fix problems with paths and specific
> >>>>>>>> extensionless
> >>>>>>>>>> files I needed run as php.
> >>>>>>>>>>
> >>>>>>>>>> Changing cgi.fix-pathinfo=1 to 0 broke a lot of stuff.
> >>>>>>>>>
> >>>>>>>>> Could you show again how URIs should be mapped to SCRIPT_FILENAME
> >>>>>>>>> and PATH_INFO ? Modern nginx versions support named captures in
> >>>> regex.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> This is what you came up with in the thread back in '08:
> >>>>>>>>
> >>>>>>>> location ~
> >>>> ^/(cr|news|poll|posters|photos|profile|review)(/|$) {
> >>>>>>>> root /usr/local/apache/htdocs;
> >>>>>>>> set $script_name $uri;
> >>>>>>>> set $path_info "";
> >>>>>>>>
> >>>>>>>> if ($uri ~ ^(/[^/]+)(/.*)) {
> >>>>>>>> set $script_name $1;
> >>>>>>>> set $path_info $2;
> >>>>>>>> fastcgi_pass 127.0.0.1:10004;
> >>>>>>>> }
> >>>>>>>> ...
> >>>>>>>> fastcgi_param SCRIPT_FILENAME
> >>>> $document_root$script_name;
> >>>>>>>> fastcgi_param PATH_INFO $path_info;
> >>>>>>>> }
> >>>>>>>> location ~
> >>>> /(cr|news|poll|posters|photos|profile|review)(/|$) {
> >>>>>>>> root /usr/local/apache/htdocs;
> >>>>>>>> set $script_name $uri;
> >>>>>>>> set $path_info "";
> >>>>>>>> if ($uri ~
> >>>>>>>> ^(.*/(?:cr|news|poll|posters|photos|profile|review))(/.*)) {
> >>>>>>>> set $script_name $1;
> >>>>>>>> set $path_info $2;
> >>>>>>>> fastcgi_pass 127.0.0.1:10004;
> >>>>>>>> }
> >>>>>>>> ...
> >>>>>>>> fastcgi_param SCRIPT_FILENAME $document_root$script_name;
> >>>>>>>> fastcgi_param PATH_INFO $path_info;
> >>>>>>>> fastcgi_pass 127.0.0.1:10004;
> >>>>>>>> }
> >>>>>>>>
> >>>>>>>> The two variations were needed to handle when the extensionless php
> >>>>>>>> script file was in the root (example.com/NEWS/2006/1/24) or several
> >>>>>>>> subdirs down (example.com/tiff/2007/1/PHOTOS/16)
> >>>>>>>
> >>>>>>> location ~
> >>>>>>> ^/(?<SN>cr|news|poll|posters|photos|profile|review)(?<PI>/.*$|$) {
> >>>>>>> root /usr/local/apache/htdocs;
> >>>>>>> fastcgi_pass 127.0.0.1:10004;
> >>>>>>> fastcgi_param SCRIPT_FILENAME $document_root/$SN;
> >>>>>>> fastcgi_param PATH_INFO $PI;
> >>>>>>> }
> >>>>>>>
> >>>>>>> location ~
> >>>>>>> ^(?<SN>.*/(cr|news|poll|posters|photos|profile|review)(?<PI>/.*$|$)
> >>>> {
> >>>>>>> root /usr/local/apache/htdocs;
> >>>>>>> fastcgi_pass 127.0.0.1:10004;
> >>>>>>> fastcgi_param SCRIPT_FILENAME $document_root$SN;
> >>>>>>> fastcgi_param PATH_INFO $PI;
> >>>>>>> }
> >>>>>>>
> >>>>>>
> >>>>>> And this will work with cgi.fix-pathinfo=0? Just want to confirm
> >>>> since I
> >>>>>> only have my production server to test on. Guess I really need to dig
> >>>> out
> >>>>>> an old computer one day and just set it up as a local test server.
> >>>>>
> >>>>> It should work in 0.8.32+. What nginx version do you use ?
> >>>>> You may create similar locations
> >>>>>
> >>>>> location ~ ^/(?<SN>CR|NEWS|...)(?<PI>/.*$|$) {
> >>>>>
> >>>>> to test.
> >>>>>
> >>>>>
> >>>>
> >>>> Igor, I upgrade to the latest 0.8.x. But when I ran
> >>>> /usr/local/nginx/sbin/nginx -t on the location changes you suggested I
> >>>> rec'd this error:
> >>>>
> >>>> [emerg]: pcre_compile() failed: unrecognized character after (?< in
> >>>> "^/(?<SN>cr|news|poll|posters|photos|profile|review)(?<PI>/.*$|$)" at
> >>>> "SN>cr|news|poll|posters|photos|profile|review)(?<PI>/.*$|$)"
> >>>
> >>> If nginx fails to start and displays the error message:
> >>>
> >>> pcre_compile() failed: unrecognized character after (?< in ...
> >>>
> >>> this means that the PCRE library is old and you should try the
> >>> syntax ?P<name>.
> >>
> >> That's now tossing a "pcre_compile() failed: missing )"
> >>
> >> Your second location suggestion for me was:
> >>
> >> location ~
> >> ^(?P<SN>.*/(cr|news|poll|posters|photos|profile|review)(?P<PI>/.*$|$)
> >>
> >> Looking at that line I do see three '(' and only two ')'. I suck at regex,
> >> so I don't know where the third ')' needs to go. :-)
> >
> > - ^(?P<SN>.*/(cr|news|poll|posters|photos|profile|review)(?P<PI>/.*$|$)
> > + ^(?P<SN>.*/(cr|news|poll|posters|photos|profile|review))(?P<PI>/.*$|$)
> >
>
> Man, oh, man. Having one of those nights. The correction fixes the last
> problem but I'm now getting an [emerg]: unknown "sn" variable

Did you not forget "~"

location ~ ^(...

?

--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
nginx 0day exploit for nginx + fastcgi PHP	Avleen Vig	May 21, 2010 01:14PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Avleen Vig	May 21, 2010 01:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Eren Türkay	May 25, 2010 11:44AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 01:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 01:36PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 01:44PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 01:52PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 02:16PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 02:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 02:40PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 02:40PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 21, 2010 03:10PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 04:46PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 04:58PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 21, 2010 05:20PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 21, 2010 05:54PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 02:10AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 01:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 01:32AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian Evans	May 22, 2010 03:00AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 03:58AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 05:46AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 06:12AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:22AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 06:26AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:56AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 08:22AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Igor Sysoev	May 22, 2010 08:30AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 08:48AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ian M. Evans	May 22, 2010 06:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Jérôme Loyet	May 21, 2010 03:50PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Weibin Yao	May 23, 2010 11:24PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Jérôme Loyet	May 24, 2010 03:00AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Weibin Yao	May 24, 2010 04:20AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Cliff Wells	May 21, 2010 09:00PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Grzegorz Sienko	May 21, 2010 09:24PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 21, 2010 09:34PM
Re: nginx 0day exploit for nginx + fastcgi PHP	gdork	January 26, 2011 11:07PM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	January 26, 2011 11:16PM
Re: nginx 0day exploit for nginx + fastcgi PHP	edogawaconan	January 27, 2011 12:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	January 27, 2011 01:08AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Cliff Wells	May 21, 2010 10:42PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Ding Deng	May 22, 2010 09:28AM
Re: nginx 0day exploit for nginx + fastcgi PHP	mike	May 22, 2010 03:30PM
Re: nginx 0day exploit for nginx + fastcgi PHP	brianmercer	May 21, 2010 05:03PM
Re: nginx 0day exploit for nginx + fastcgi PHP	tuurtnt	December 14, 2011 06:26PM
Re: nginx 0day exploit for nginx + fastcgi PHP	Kraiser	February 17, 2012 09:53AM
Re: nginx 0day exploit for nginx + fastcgi PHP	Reinis Rozitis	February 17, 2012 11:42AM
Re: nginx 0day exploit for nginx + fastcgi PHP	zsero	October 30, 2012 01:01PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 233

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018