Security Risk

Maxim Dounin mdounin at mdounin.ru
Sat Feb 14 15:28:45 MSK 2009


Hello!

On Sat, Feb 14, 2009 at 02:59:24PM +0300, Igor Sysoev wrote:

> On Fri, Feb 13, 2009 at 08:38:11PM -0500, Jim Ohlstein wrote:
> 
> > How are you handling php files in your config file? They shouldn't be served as text. Are you using php-fcgi?
> > 
> > Once you have that sorted out, you can use a rewrite something like:
> > 
> > location /path/to/phymyadmin/	{
> > 	if ( $uri !~ ".*\.php$" )  {
> > 		rewrite  ^/(.*)$ /index.php  last;
> > 	}
> > }
> 
> There is a much better way to do this:
> 
>  location /path/to/phymyadmin/	{
>  	rewrite  ^/(.*)$ /index.php  last;
>  }
> 
>  location /path/to/phymyadmin/.+\.php$ {	

-  location /path/to/phymyadmin/.+\.php$ {	
+  location ~ /path/to/phymyadmin/.+\.php$ {	

>  	...
>  }
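
Review bot: the pattern on the "+" line has no leading "^", so "location ~ /path/to/phymyadmin/.+\.php$" matches any URI that contains that path anywhere and ends in ".php", not only URIs that start with it. Anchor it as "location ~ ^/path/to/phymyadmin/.+\.php$". The "~" itself is needed: without a modifier, as on the "-" line, nginx compares the string as a literal prefix rather than as a regular expression, so the block would not be selected for real .php requests and they would fall through to the rewrite in the prefix location above.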

[...]

Maxim Dounin




