nginx.conf PHP example on Windows

adminlists at zer7.com adminlists at zer7.com
Thu Aug 27 19:40:11 MSD 2009


The default PHP example is insecure on Windows.

It needs to be ~* instead of ~. Otherwise, someone can request .PHP instead of .php and 
read the text of the PHP file. You may want to point this out somewhere in the docs, or just 
make the default matching ~* in the default, example configuration.

This is probably not an issue for people who think about it, but I suspect many people will just 
use the defaults.

-James







More information about the nginx mailing list