nginx 0day exploit for nginx + fastcgi PHP

Ian M. Evans ianevans at
Sun May 23 02:26:29 MSD 2010

On 5/22/2010 8:44 AM, Ian M. Evans wrote:
>>> Well, unfortunately, changing cgi.fix_pathinfo to cgi.fix_pathinfo=0
>>> killed the extensionless php files, just like it did in 2008.
>>> Here's a snippet from the debug log when it works (cgi.fix_pathinfo=1):
>> If you request "/academy/75/photos/" with with cgi.fix_pathinfo=0,
>> does it work ?
> Adding the trailing slash still produced a 404.

Well, after being up for 21hrs, I decide to sleep. Downing my first 
coffee of the day now and trying to Google anything that would lead me 
to understand why cgi.fix_pathinfo=1 works with Igor's location and 
cgi.fix_pathinfo=0 breaks it.

Two notes: 1) is my issue related at all to and 2) many thanks to Igor and 
everyone else on this list. I think nginx isn't the best server because 
of speed and footprint, no it's the best because of the community. :-)

More information about the nginx mailing list