Securing PHP-FastCGI on Nginx

Via Hacker News. Setting up PHP-FastCGI and nginx? Don’t trust the tutorials: check your configuration! I have in fact written quite a few tutorials and published automated scripts that are vulnerable. It seems the easiest way to prevent this issue is to add a try_files statement (or an if (-f $request_filename) if nginx -V < 0.7.27) to the location ~ \.php block. For example:

location ~ \.php$ { # For nginx -V >= 0.7.27
  try_files $uri =404;
  fastcgi_pass localhost:8080;
  ...
}
location ~ \.php$ { # For nginx -V < 0.7.27, i.e. Debian 5
  if (-f $request_filename) {
    fastcgi_pass localhost:8080;
  }
  ...
}
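
To check an existing configuration for this, here is an added example (not code from the original post or from nginx): a small Python check that lists the regex location blocks matching .php which reach fastcgi_pass without either of the two guards shown above. It recognises only those two forms, and the sample configs and all function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the original post).
UNGUARDED = r"""
location ~ \.php$ {
  fastcgi_pass localhost:8080;
}
"""
GUARDED = r"""
location ~ \.php$ {  # nginx >= 0.7.27
  try_files $uri =404;
  fastcgi_pass localhost:8080;
}
location ~ \.php5$ {  # older nginx
  if (-f $request_filename) {
    fastcgi_pass localhost:8080;
  }
}
"""

LOCATION = re.compile(r"\blocation\s+~\*?\s+(\S*php\S*)\s*\{")
TRY_FILES = re.compile(r"\btry_files\s+\$uri\s+=404\s*;")
IF_FILE = re.compile(r"\bif\s*\(\s*-f\s+\$request_filename\s*\)\s*\{")
PASS = re.compile(r"\bfastcgi_pass\s")  # does not match fastcgi_pass_header etc.

def block_body(conf, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def is_guarded(body):
    if TRY_FILES.search(body):
        return True
    # 'if' form: every fastcgi_pass must sit inside the existence check.
    m = IF_FILE.search(body)
    inner = block_body(body, m.end() - 1) if m else ""
    return len(PASS.findall(inner)) == len(PASS.findall(body))

def unguarded_php_locations(conf):
    """Patterns of .php regex locations that reach fastcgi_pass unguarded."""
    conf = re.sub(r"#[^\n]*", "", conf)  # naive: assumes no '#' inside values
    bodies = ((m.group(1), block_body(conf, m.end() - 1)) for m in LOCATION.finditer(conf))
    return [pat for pat, body in bodies if PASS.search(body) and not is_guarded(body)]
```

Pass it the text of each config file, including files pulled in with include, since the function does not follow include directives.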