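# Route requests for non-existent files to the front controller (index.php).
# This must be a prefix location (`location /`), not a regex one: nginx
# checks regex locations in order of appearance and the first match wins, so
# `location ~* /` would match every URI (including *.php) before the PHP block
# below was ever consulted. try_files also takes plain paths, not regex
# modifiers, so the stray `~*` in the fallback argument is dropped.
location / {
    try_files $uri $uri/ /index.php$is_args$args;
}

# Pass PHP scripts to php-fastcgi / php-fpm listening on 127.0.0.1:9000.
location ~ \.php$ {
    # Defense against the PHP "path info" code-execution issue:
    # http://forum.nginx.org/read.php?2,88845,page=3
    # Only hand the request to the backend if the requested script actually
    # exists under $document_root; otherwise nginx answers 404 itself.
    # Won't work properly (404 error) if the file is not stored on
    # this server, which is entirely possible with php-fpm/php-fcgi.
    # Comment the 'try_files' line out if you set up php-fpm/php-fcgi
    # on another machine. And then cross your fingers that you won't get hacked.
    try_files $uri =404;

    include fastcgi_params;

    # Kept for compatibility with old PHP scripts that read PATH_INFO.
    # NOTE(review): $fastcgi_path_info is only populated by
    # fastcgi_split_path_info, which this block does not configure, so both
    # PATH_INFO and PATH_TRANSLATED are expected to be empty here. Adding it
    # would not change what the backend sees either: `try_files $uri =404`
    # above already rejects URIs like /script.php/extra, because that literal
    # path does not exist on disk.
    fastcgi_param PATH_INFO       $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    # Backend timeouts and buffering.
    fastcgi_connect_timeout      20;
    fastcgi_send_timeout         180;
    fastcgi_read_timeout         180;
    fastcgi_buffer_size          128k;
    fastcgi_buffers              4 256k;
    fastcgi_busy_buffers_size    256k;
    fastcgi_temp_file_write_size 256k;
    # Hand backend responses with status >= 300 to nginx's error_page handling.
    fastcgi_intercept_errors     on;
    fastcgi_ignore_client_abort  off;

    fastcgi_pass 127.0.0.1:9000;
}

# Why `try_files $uri =404` is needed in the PHP block:
# For a URI such as /uploads/virusimage.jpg/hello.php the regex location above
# wins over `location /`. Without the existence check the request would be
# handed to PHP, which (with cgi.fix_pathinfo = 1, the default) walks back up
# the path to the nearest existing file and executes virusimage.jpg as PHP.
# With the check, /uploads/virusimage.jpg/hello.php does not exist on disk,
# so nginx returns 404 and the uploaded file is never interpreted as code.
# Setting "cgi.fix_pathinfo = 0" in php.ini closes the same hole on the PHP
# side; configuring both is the safer choice.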