Tuesday, March 8, 2011

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

On Tue, 2011-03-08 at 19:09 +0000, António P.P.Almeida wrote:

> That's a generic example. The pitfalls page is meant to warn you
> against some inadvisable practices. It's not meant to be a config
> recipe. You should always adapt your config to your application.
>
> As a rule all PHP (or whatever language file) scripts should be
> enumerated in the config, if possible with exact matchings, or if
> using PATHINFO with the correct pattern.
>
> Otherwise you're setting yourself up for getting p0wned.

So... maybe this pitfall should also be covered in the pitfalls page and
linked to from that example?

I agree with the OP that this example is bad, and given that people
usually read the minimal amount of documentation required to solve a
task, it's likely people will be caught with this.

Cliff


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
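
One way to apply the rule quoted above (enumerate scripts with exact matches, or with a correct pattern when PATH_INFO is used), as an added example that is not part of the original thread or of the wiki page. The script names `index.php` and `api.php`, the document root, the server name and the FastCGI address `127.0.0.1:9000` are assumptions.

```nginx
# Added illustration: script names, paths and backend address are assumptions.
server {
    listen 80;
    server_name example.com;
    root /var/www/app/public;

    # Static files are served directly; unknown URIs fall back to the
    # one front controller that is enumerated below.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Enumerated script, exact match: only this URI is handed to PHP,
    # and SCRIPT_FILENAME is fixed instead of derived from the request.
    location = /index.php {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass 127.0.0.1:9000;
    }

    # Script that uses PATH_INFO: the pattern names the script explicitly
    # and splits the URI at that script, not at an arbitrary ".php".
    location ~ ^/api\.php(/.*)?$ {
        fastcgi_split_path_info ^(/api\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/api.php;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass 127.0.0.1:9000;
    }

    # Any other URI that looks like a PHP script is not on the list,
    # so it is refused instead of being passed to the interpreter.
    # This regex location must stay after the api.php one, because
    # nginx uses the first matching regex location in file order.
    location ~ \.php(/|$) {
        return 404;
    }
}
```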
