Protect against php files being send as static files

Olaf van der Spek nginx-forum at forum.nginx.org
Tue Mar 12 08:45:34 UTC 2019


Francis Daly Wrote:
> I don't think that stock-nginx has a configuration directive for this.
> 
> "Not putting files that you don't want sent, into a directory that
> nginx
> has been told to send files from", would probably be the safest way to
> avoid external misconfiguration.

Sure, but as that's bound to happen anyway sometime somewhere, some defense
in depth would be nice.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,283274,283349#msg-283349



More information about the nginx mailing list