fastcgi & index

Grant emailgrant at
Thu Feb 13 14:18:07 UTC 2014

>> No I mean the \.php regex based one.
> So now you probably know why top-posting is discouraged.  ;)
>> It's just that it opens the door to a lot of problems by allowing all .php
>> scripts to be
>> processed.
>> Furthermore it's even mentioned on the wiki Pitfalls page:
> Trivial and correct fix for the problem mentioned on the wiki is
> to properly configure php, with cgi.fix_pathinfo=0.
> I would also recommend not allowing php at all under the locations
> where you allow untrusted parties to put files - or, rather, only
> allow php under locations where are untrusted parties are not
> allowed to put files, by properly isolating \.php$ location.
> But again, there is nothing wrong with the configuration per se.

Is the example from the wiki a good one to use?

location ~ [^/]\.php(/|$) {

- Grant

More information about the nginx mailing list