cgi.fix_pathinfo
Rob Schultz
rschultz7 at gmail.com
Thu Sep 24 03:17:33 MSD 2009
You can turn force_redirect off. This setting has no effect on nginx
when using the php as a fastcgi instance. here is more information
http://www.php.net/manual/en/security.cgi-bin.force-redirect.php
It is designed to prevent someone from calling your CGI binary
directly from a url like http://somedomain.com/cgi-bin/php/path/to/script.php
where that would execute PHP directly. Instead this option makes teh
cgi binary require a redirect on the server side.
On Sep 23, 2009, at 1:51 PM, Neves wrote:
> Here I use cgi.fix_pathinfo=0 to enable PATH_INFO
> and cgi.force_redirect=1 for security reasons that I dont understand:
> http://www.php.net/manual/en/ini.core.php#ini.cgi.force-redirect
>
> On Sep 23, 2:49 pm, Ziyad Saeed <myschizobu... at gmail.com> wrote:
>> Whats the recommended setting of these php parameters for nginx
>> server
>> cgi.fix_pathinfo = 1
>> cgi.force_redirect = 0
>
More information about the nginx
mailing list