fastcgi & index
António P. P. Almeida
appa at perusio.net
Thu Feb 13 13:09:34 UTC 2014
This type of configuration is insecure since there's no whitelisting of the
PHP scripts to be processed.
----appa
On Thu, Feb 13, 2014 at 1:34 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Wed, Feb 12, 2014 at 03:23:05PM -0800, Grant wrote:
>
> > I've found that if I don't specify:
> >
> > index index.html index.htm index.php;
> >
> > in the server blocks where I use fastcgi, I can get a 403 due to the
> > forbidden directory index. I would have thought 'fastcgi_index
> > index.php;' would take care of that. If this is the expected
> > behavior, should the index directive be added to the fastcgi wiki?
>
> This is the expected and documented behaviour.
>
> The "fastcgi_index" directive is to instruct a fastcgi backend
> which file to use if a request with an URI ending with "/" is
> passed to the backend. That is, it makes sense in a configuration
> like this:
>
> location / {
> fastcgi_pass localhost:9000;
> fastcgi_index index.php;
> include fastcgi.conf;
> }
>
> It doesn't make sense in configurations with only *.php file
> passed to fastcgi backends though. E.g., in a configuration like
> this it doesn't make sense and should be removed:
>
> location ~ \.php$ {
> fastcgi_pass localhost:9000;
> # wrong: fastcgi_index doesn't make sense here
> fastcgi_index index.php;
> include fastcgi.conf;
> }
>
> In this case, normal index processing applies. It is explained in
> details in an introduction article here:
>
>
> http://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140213/599faa52/attachment.html>
More information about the nginx
mailing list