Security Risk

Stefan Scott lists at
Sat Feb 14 03:56:10 MSK 2009

Yeah, this "solution" is definitely a security risk.

I just did some testing, and I'm able to open *any* file in 

For example, if I point the browser at:

then Firefox offers to download the index.php file.

If I point the browser at:

then it displays the README file in the browser, etc.

So this is not good.

How do I set up my directories and my nginx.conf file so that people can 
browse to a site like:

without exposing all the files in the directory $root/mysub-url?


Posted via

More information about the nginx mailing list