Update nginx.conf

Updated to include code to prevent remote code execution on certain nginx/php-fpm configurations
This commit is contained in:
okpierre 2019-10-26 01:04:28 -04:00 committed by GitHub
parent 8b57a2cfe8
commit 5ff9d92830
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -30,6 +30,7 @@ server {
location ~ \.php$ { location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # make sure this is correct fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # make sure this is correct
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;