Securing PHP-FastCGI on Nginx
Via Hacker News. Setting up PHP-FastCGI and nginx? Don’t trust the tutorials: check your configuration! I have in fact written quite a few tutorials and published automated scripts that are vulnerable. Seems the easiest way to prevent this issue is by adding a try_files statement (or a if (-f $request_filename) if Nginx -V < 0.7.27) [...]
Playground is the personal weblog of Scott Yang, a Chinese-Australian Christian who works as a software developer in Sydney Australia.