Protect against php files being send as static files

Francis Daly francis at daoine.org
Tue Mar 5 23:59:40 UTC 2019


On Tue, Mar 05, 2019 at 06:50:54AM -0500, Olaf van der Spek wrote:

Hi there,

> Is there a way to protect against php files being send as static files /
> source due to some php specific configuration being missed (by accident)?
> Another web server has this by default: static-file.exclude-extensions = (
> ".php", ".pl", ".fcgi" )

I don't think that stock-nginx has a configuration directive for this.

"Not putting files that you don't want sent, into a directory that nginx
has been told to send files from", would probably be the safest way to
avoid external misconfiguration.

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list