Equivalent of Apache's SetEnv Variable

Igor Sysoev igor at sysoev.ru
Thu Aug 5 12:19:22 MSD 2010

On Thu, Aug 05, 2010 at 10:11:29AM +0200, Grzegorz Nosek wrote:

> On Thu, Aug 05, 2010 at 12:09:33PM +0400, Igor Sysoev wrote:
> > What's about when "/dir/1.gif/2.php" is proxied to remote server ?
> > nginx has no access to a filesystem of the file.
> It doesn't go via the static module then and the patch won't do
> anything.

The issue is that someone is able to upload a image file to a directory
with scripts (I do not know why he is not able to override some valid
images or even the scripts themself in this case). Then someone requests
the image file as "/dir/1.gif/2.php" making exploit. I do not see
how using types will help in a case when nginx ahs not access to remote

Igor Sysoev

More information about the nginx mailing list