Help! Nginx Vulnerable Remote file inclusion
escavern
nginx-forum at nginx.us
Sat Dec 3 06:36:10 UTC 2011
This is my PHP configuration :
-------------------------------------------------------------------------------------------------------
server {
listen 80;
server_name www.ceriwis.org;
#rewrite ^/(.*) http://ceriwis.us/$1 permanent;
client_max_body_size 50M;
#access_log logs/host.access.log main;
location / {
root /home/ceriorg/public_html;
index index.php index.html;
location /crwscp {
auth_basic "Administrator Login";
auth_basic_user_file /home/htpasswd.txt;
}
location ~ \..*/.*\.php {
return 403;
}
if ($http_user_agent ~* "^.*(sharp).*") {
return 403;
}
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on
127.0.0.1:9000
#
location ~ \.php$ {
root public_html;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME
/home/ceriorg/public_html$fastcgi_script_name;
#fastcgi_intercept_errors on;
}
}
-------------------------------------------------------------------------------------------------------
i hope you can help me
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219523,219529#msg-219529
More information about the nginx
mailing list