Hello! On Wed, Aug 03, 2016 at 07:07:53PM +0200, B.R. wrote:
> I disagree: it is a good feature to check for script file existence before > calling PHP on it with something like: > try_files [...] =404; > It helps mitigating attacks by avoiding to pave the way to undue files > being interpreted. > > That only works if the filesystem containing PHP scripts is accessible from > nginx aswell, ofc. While `try_files ... =404` may be usable to mitigate various PHP bugs and misconfigurations (assuming you don't care about efficiency), it's not something that can be used to differentiate static and dynamic content - and that's what the original question was about. Additionally, the original question suggests that it's not about PHP with multiple scripts, but instead a real FastCGI application. Which makes `try_files ... =404` completely wrong. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
