Help! Nginx Vulnerable Remote file inclusion

escavern nginx-forum at nginx.us
Sat Dec 3 06:36:10 UTC 2011


This is my PHP configuration : 
-------------------------------------------------------------------------------------------------------

    server {
        listen       80;
        server_name  www.ceriwis.org;
	 #rewrite ^/(.*) http://ceriwis.us/$1 permanent;
	 client_max_body_size 50M;

        #access_log  logs/host.access.log  main;

        location / {
            root   /home/ceriorg/public_html;
           index                           index.php index.html;
           
       
	
	location /crwscp {
        auth_basic "Administrator Login";
        auth_basic_user_file /home/htpasswd.txt;
    }

location ~ \..*/.*\.php {
return 403;
}






if ($http_user_agent ~* "^.*(sharp).*") {
return 403;
}

        }
       	 

        error_page  404              /404.html;
        location = /404.html {
            root   /usr/share/nginx/html;
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }


        # pass the PHP scripts to FastCGI server listening on
127.0.0.1:9000
        #
        location ~ \.php$ {
            root           public_html;
            include        fastcgi_params;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param HTTPS on;
            fastcgi_param  SCRIPT_FILENAME 
/home/ceriorg/public_html$fastcgi_script_name;
            #fastcgi_intercept_errors on;
            
            
        }


    }
-------------------------------------------------------------------------------------------------------

i hope you can help me

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219523,219529#msg-219529



More information about the nginx mailing list