Security Risk
Maxim Dounin
mdounin at mdounin.ru
Sat Feb 14 15:28:45 MSK 2009
Hello!
On Sat, Feb 14, 2009 at 02:59:24PM +0300, Igor Sysoev wrote:
> On Fri, Feb 13, 2009 at 08:38:11PM -0500, Jim Ohlstein wrote:
>
> > How are you handling php files in your config file? They shouldn't be served as text. Are you using php-fcgi?
> >
> > Once you have that sorted out, you can use a rewrite something like:
> >
> > location /path/to/phymyadmin/ {
> > if ( $uri !~ .*\.php$" ) {
> > rewrite ^/(.*)$ /index.php last;
> > }
> > }
>
> There is much better way to this:
>
> location /path/to/phymyadmin/ {
> rewrite ^/(.*)$ /index.php last;
> }
>
> location /path/to/phymyadmin/.+\.php$ {
- location /path/to/phymyadmin/.+\.php$ {
+ location ~ /path/to/phymyadmin/.+\.php$ {
> ...
> }
[...]
Maxim Dounin
More information about the nginx
mailing list