nginx.conf PHP example on Windows

adminlists at adminlists at
Thu Aug 27 19:40:11 MSD 2009

The default PHP example is insecure on Windows.

It needs to be ~* instead of ~. Otherwise, someone can request .PHP instead of .php and 
read the text of the PHP file. You may want to point this out somewhere in the docs, or just 
make the default matching ~* in the default, example configuration.

This is probably not an issue for people who think about it, but I suspect many people will just 
use the defaults.


More information about the nginx mailing list