Nginx+Php-fpm Dangerous Bug

escavern nginx-forum at nginx.us
Sat Dec 3 08:58:03 UTC 2011


This is my PHP configuration :
-------------------------------------------------------------------------------------------------------

server {
listen 80;
server_name www.ceriwis.org;
#rewrite ^/(.*) http://ceriwis.us/$1 permanent;
client_max_body_size 50M;

#access_log logs/host.access.log main;

location / {
root /home/ceriorg/public_html;
index index.php index.html;



location /crwscp {
auth_basic "Administrator Login";
auth_basic_user_file /home/htpasswd.txt;
}

location ~ \..*/.*\.php {
return 403;
}






if ($http_user_agent ~* "^.*(sharp).*") {
return 403;
}

}


error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}


# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root public_html;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME
/home/ceriorg/public_html$fastcgi_script_name;
#fastcgi_intercept_errors on;


}


}
-------------------------------------------------------------------------------------------------------

I still dont understand the point you told me, i need to:
put (allow_url_fopen = Off) in php.ini
and then what else ?
thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219532,219535#msg-219535



More information about the nginx mailing list