Equivalent of Apache's SetEnv Variable
Grzegorz Nosek
grzegorz.nosek at gmail.com
Thu Aug 5 12:06:08 MSD 2010
On Thu, Aug 05, 2010 at 11:29:55AM +0400, Igor Sysoev wrote:
> How may this prevent from the exploit if a requested file is
> "/dir/1.gif/2.php" ? As I understand the file will have
> "application/x-httpd-php" type ?
The patch hooks into the static module ngx_http_static_handler, takes
r->headers_out.content_type and searches for an appropriately named
location. If found, it reroutes the request there.
Like I said, the patch has never seen production use. Also, security
wasn't really the motivation so I may be badly mistaken about it.
Hmm, getting more and more uncertain about it ;) In the example above,
is 1.gif a file (and /2.php the path_info), or is it a directory (and
2.php is a normal file)? -ENOCOFFEE, I guess.
Best regards,
Grzegorz Nosek
More information about the nginx
mailing list