nginx.conf PHP example on Windows

Igor Sysoev is at
Thu Aug 27 19:48:04 MSD 2009

On Thu, Aug 27, 2009 at 11:40:11AM -0400, adminlists at wrote:

> The default PHP example is insecure on Windows.
> It needs to be ~* instead of ~. Otherwise, someone can request .PHP instead of .php and 
> read the text of the PHP file. You may want to point this out somewhere in the docs, or just 
> make the default matching ~* in the default, example configuration.
> This is probably not an issue for people who think about it, but I suspect many people will just 
> use the defaults.

Changes with nginx 0.8.6                                         20 Jul 2009

    *) Bugfix: now in MacOSX, Cygwin, and nginx/Windows locations given by 
       a regular expression are always tested in case insensitive mode.

Igor Sysoev

More information about the nginx mailing list