Nginx+Php-fpm Dangerous Bug

escavern nginx-forum at nginx.us
Sat Dec 3 10:12:06 UTC 2011


Thanks man !



Today Dec 3, 2011 at 04:48 escavern wrote:

> correction:
>
> ok thanks man.. :)
> now i need 2 nginx rewrite :
>
> 1. to disable php running in folder /myfolder
> so if there is a php file like
> http://www.my-domain.com/myfolder/script.php it will not be executed.

http://nginx.org/en/docs/http/ngx_http_core_module.html#location
location ^~ /myfolder {}

> 2. i need rewrite to return 403 if
> "http://www.ceriwis.org/rfi.php?hal=ass.jpg" same as
> "http://www.ceriwis.org/rfi.php*.jpg* so if there is "jpg" after the
php
> extension it will return 403... is that possible ? because im not
good
> creating nginx rewrite :)

Add to location ~ \.php$ :
if ($args ~* \.jpg) {return 403;}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219532,219547#msg-219547



More information about the nginx mailing list