Equivalent of Apache's SetEnv Variable
Igor Sysoev
igor at sysoev.ru
Thu Aug 5 12:09:33 MSD 2010
On Thu, Aug 05, 2010 at 10:06:08AM +0200, Grzegorz Nosek wrote:
> On Thu, Aug 05, 2010 at 11:29:55AM +0400, Igor Sysoev wrote:
> > How may this prevent from the exploit if a requested file is
> > "/dir/1.gif/2.php" ? As I understand the file will have
> > "application/x-httpd-php" type ?
>
> The patch hooks into the static module ngx_http_static_handler, takes
> r->headers_out.content_type and searches for an appropriately named
> location. If found, it reroutes the request there.
>
> Like I said, the patch has never seen production use. Also, security
> wasn't really the motivation so I may be badly mistaken about it.
>
> Hmm, getting more and more uncertain about it ;) In the example above,
> is 1.gif a file (and /2.php the path_info), or is it a directory (and
> 2.php is a normal file)? -ENOCOFFEE, I guess.
What's about when "/dir/1.gif/2.php" is proxied to remote server ?
nginx has no access to a filesystem of the file.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list