Possible widespread PHP configuration issue - security risk

Ensiferous nginx-forum at nginx.us
Mon Aug 30 20:46:36 MSD 2010

All I'm reading here is reiterations of the previous discussion and
language elites-ism .

This is an extremely old issue, the opinion last time was that this is
not something that should be fixed in Nginx. Nginx is a reverse proxy
and there may be very valid cases where allowing such URIs make sense.

The *real* solution is to fix the php pathinfo setting, it's archaic and
shouldn't be used unless absolutely necessary. That said, I did look
around a bit on the wiki and it wasn't covered overly much, about the
only place was in my Nginx primer post so I'll go ahead and add a
section on the pitfalls page that details the issue.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,124297,125274#msg-125274

More information about the nginx mailing list