Configuring nginx for both static pages and fcgi simultaneously
Maxim Dounin
mdounin at mdounin.ru
Thu Aug 4 00:35:24 UTC 2016
Hello!
On Wed, Aug 03, 2016 at 07:07:53PM +0200, B.R. wrote:
> I disagree: it is a good feature to check for script file existence before
> calling PHP on it with something like:
> try_files [...] =404;
> It helps mitigating attacks by avoiding to pave the way to undue files
> being interpreted.
>
> That only works if the filesystem containing PHP scripts is accessible from
> nginx aswell, ofc.
While `try_files ... =404` may be usable to mitigate various PHP bugs and
misconfigurations (assuming you don't care about efficiency), it's
not something that can be used to differentiate static and dynamic
content - and that's what the original question was about.
Additionally, the original question suggests that it's not about
PHP with multiple scripts, but instead a real FastCGI application.
Which makes `try_files ... =404` completely wrong.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list