nginx.conf PHP example on Windows
Igor Sysoev
is at rambler-co.ru
Thu Aug 27 19:48:04 MSD 2009
On Thu, Aug 27, 2009 at 11:40:11AM -0400, adminlists at zer7.com wrote:
> The default PHP example is insecure on Windows.
>
> It needs to be ~* instead of ~. Otherwise, someone can request .PHP instead of .php and
> read the text of the PHP file. You may want to point this out somewhere in the docs, or just
> make the default matching ~* in the default, example configuration.
>
> This is probably not an issue for people who think about it, but I suspect many people will just
> use the defaults.
Changes with nginx 0.8.6 20 Jul 2009
*) Bugfix: now in MacOSX, Cygwin, and nginx/Windows locations given by
a regular expression are always tested in case insensitive mode.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list