fastcgi & index

Maxim Dounin mdounin at
Thu Feb 13 14:14:11 UTC 2014


On Thu, Feb 13, 2014 at 02:47:35PM +0100, António P. P. Almeida wrote:

> No I mean the \.php regex based one.

So now you probably know why top-posting is discouraged.  ;)

> It's just that it opens the door to a lot of problems by allowing all .php
> scripts to be
> processed.
> Furthermore it's even mentioned on the wiki Pitfalls page:

Trivial and correct fix for the problem mentioned on the wiki is 
to properly configure php, with cgi.fix_pathinfo=0.

I would also recommend not allowing php at all under the locations 
where you allow untrusted parties to put files - or, rather, only 
allow php under locations where are untrusted parties are not 
allowed to put files, by properly isolating \.php$ location.

But again, there is nothing wrong with the configuration per se.

Maxim Dounin

More information about the nginx mailing list