Does the wiki example mitigate the "Passing Uncontrolled Requests to PHP" risk?
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
http://wiki.nginx.org/PHPFcgiExample
http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
If not, I'd like to update it.
- Grant
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
http://wiki.nginx.org/PHPFcgiExample
http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
If not, I'd like to update it.
- Grant
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx