Configuring nginx for both static pages and fcgi simultaneously

Maxim Dounin mdounin at
Thu Aug 4 00:35:24 UTC 2016


On Wed, Aug 03, 2016 at 07:07:53PM +0200, B.R. wrote:

> I disagree: it is a good feature to check for script file existence before
> calling PHP on it with something like:
> try_files [...] =404;
> It helps mitigating attacks by avoiding to pave the way to undue files
> being interpreted.
> That only works if the filesystem containing PHP scripts is accessible from
> nginx aswell, ofc.

While `try_files ... =404` may be usable to mitigate various PHP bugs and 
misconfigurations (assuming you don't care about efficiency), it's 
not something that can be used to differentiate static and dynamic 
content - and that's what the original question was about.

Additionally, the original question suggests that it's not about 
PHP with multiple scripts, but instead a real FastCGI application.  
Which makes `try_files ... =404` completely wrong.

Maxim Dounin

More information about the nginx mailing list