.htaccess style support in existing nginx

Jonathan Matthews contact at jpluscplusm.com
Fri Oct 26 10:00:47 UTC 2012


On 26 October 2012 09:38, rahul286 <nginx-forum at nginx.us> wrote:
> Yes, we will take whitelisting approach only.
>
> Rather than giving direct command  like "nginx -t && service nginx reload"
> in sudoers list, we will create a small shell script, put it outside
> web-writable path (so php/web-scripts cannot alter it)
>
> www-data user will have sudo privilege on our script only

Don't forget the simplest DoS of all - just create a config file
snippet that causes "nginx -t" to fail.
Then no-one can reload.

(It's still a bad idea, sorry!)

Jonathan
-- 
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html



More information about the nginx mailing list