nginx.conf PHP example on Windows
adminlists at zer7.com
adminlists at zer7.com
Thu Aug 27 19:40:11 MSD 2009
The default PHP example is insecure on Windows.
It needs to be ~* instead of ~. Otherwise, someone can request .PHP instead of .php and
read the text of the PHP file. You may want to point this out somewhere in the docs, or just
make the default matching ~* in the default, example configuration.
This is probably not an issue for people who think about it, but I suspect many people will just
use the defaults.
-James
More information about the nginx
mailing list