what's the simplest way to serve php files through an alias?

Ilan Berkner iberkner at gmail.com
Sun Oct 3 08:33:11 MSD 2010


Thank you for your suggestion, I remember the vigorous discussion that took
place regarding this issue, in this particular case, this is a test /
development system so I'm not as concerned as I normally would be.

In our production environment, things are a bit more rigid.



On Sat, Oct 2, 2010 at 9:29 PM, António P. P. Almeida <appa at perusio.net>wrote:

> On 3 Out 2010 01h23 WEST, iberkner at gmail.com wrote:
>
> > [1  <multipart/alternative (7bit)>]
> > [1.1  <text/plain; ISO-8859-1 (quoted-printable)>]
> > Thanks,
> >
> > I tried it using "root" in the location, still no luck.
> >
> > Here's my config (the parts that matter), the location /nagios/ is
> > what's not working.  What am I doing wrong? Thanks
> >
> > http
> > {
> > root /var/www/html;
> > server
> > {
> > listen  10.0.1.163;
> > server_name  dev.testsite.com;
> > location /nagios/
> > {
> > root /usr/local/nagios/share;
> > index index.php;
> > }
> > location /
> > {
> > index  index.php;
> > error_page 404 = @joomla;
> > log_not_found off;
> > }
> > location @joomla
> > {
> > rewrite ^(.*)$ /index.php?q=$1 last;
> > }
> >
> > location ~ \.php$
> > {
> > include fcgi;
> > fastcgi_pass 127.0.0.1:9000;
> > }
> >
> > }
> > }
>
> For security reasons I suggest you constrain which exact locations can
> be used for FastCGI. Using a generic regex for any file with php
> extension opens a big security hole. This was discussed not long ago
> on the list.
>
> Instead you should enumerate which files are to be handled by FastCGI
> and return a 404 for every other file that is not enumerated. E.g.,
>
> location ~* ^/index\.php$ {
>   include fcgi;
>  fastcgi_pass 127.0.0.1:9000;
> }
>
> And put at the end of the config file:
>
> # Any other attempt to access PHP files returns a 404.
> location ~* ^.+\.php$ {
>  return 404;
> }
>
> --- appa
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20101003/c732aa21/attachment.html>


More information about the nginx mailing list