Mar 13
具体配置文件参考:
fastcgi.conf

# FastCGI parameters shared by the PHP location in test.conf (pulled in via `include fastcgi.conf`).
# Address of the FastCGI backend (php-fpm, per the notes further down this page).
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;

# Script to execute: document root + the *unsplit* script name.
# test.conf's php location sets SCRIPT_FILENAME / SCRIPT_NAME / PATH_INFO itself
# before including this file, so these three names end up specified twice.
# NOTE(review): confirm which value the backend ends up honouring, or drop the copies here.
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

# Connection details. REMOTE_ADDR is the TCP peer, so behind a reverse proxy it is
# the proxy's address, not the end client's.
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# $path_info is NOT a built-in nginx variable: it is defined with `set` in test.conf's
# php location before this file is included. Including this file in a location that
# does not define it makes nginx reject the configuration with an unknown-variable error.
fastcgi_param PATH_INFO           $path_info;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
#fastcgi_param  REDIRECT_STATUS    200;


nginx.conf

# Main nginx configuration; the virtual host lives in test.conf (included at the end of the http block).
# Worker processes drop to this user/group after the master binds port 80.
user      nginx nginx;
worker_processes  16;

# Only `crit` messages are kept: warnings and ordinary errors (failed requests,
# rejected configs at runtime) are silently dropped. Consider `error` or `warn`
# while troubleshooting or when error logs feed security monitoring.
error_log  logs/nginx_error.log  crit;
pid        logs/nginx.pid;

events {
    # Per worker process. NOTE(review): make sure the worker's open-file limit
    # actually allows this many descriptors.
    worker_connections  65535;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # Combined-style access log. $http_x_forwarded_for is copied from a client-supplied
    # request header, so it only identifies the real client when set by a trusted proxy.
    log_format  weblog  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  weblog;

    sendfile        on;
    tcp_nopush     on;

    keepalive_timeout  65;

    # Compression; gzip_http_version 1.0 lets HTTP/1.0 requests be compressed as well.
    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    # The server block (test.conf below on this page) is pulled in by absolute path.
    include /usr/local/nginx/conf/test.conf;
}


test.conf

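# Virtual host for www.test.com, included from nginx.conf.
server
{
        listen 80;
        server_name www.test.com;
        access_log logs/test.log;
        root /home/wwwroot/ci;
        index index.php index.html index.htm;

        # Front-controller rewrite: any path that is not an existing file or
        # directory is routed to /index.php/<original path> (PATH_INFO style).
        location / {
                if (!-e $request_filename) {
                        rewrite ^/(.*)$ /index.php/$1 last;
                }
        }

        # No trailing `$`: this location must also match /index.php/some/path.
        location ~ \.php {
                # Split "/script.php/extra" into the script part and the PATH_INFO
                # part. Both variables are also referenced by the included fastcgi.conf.
                set $real_script_name $fastcgi_script_name;
                set $path_info "";
                # The original listing was cut off after `(/.+)`; the closing `$") {`
                # has been restored so the block parses.
                if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
                        set $real_script_name $1;
                        set $path_info $2;
                }
                # Only hand the request to php-fpm when the script nginx resolved
                # really exists under the document root. This keeps the pathinfo
                # problem described further down this page from being reachable
                # through nginx even while cgi.fix_pathinfo is still 1 on the PHP side.
                if (!-f $document_root$real_script_name) {
                        return 404;
                }
                # fastcgi.conf sets these three names again with the unsplit
                # $fastcgi_script_name. NOTE(review): nginx appears to pass every
                # fastcgi_param directive it sees, so the backend may receive both
                # values — confirm which one PHP honours, or drop the copies in fastcgi.conf.
                fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
                fastcgi_param SCRIPT_NAME $real_script_name;
                fastcgi_param PATH_INFO $path_info;
                include fastcgi.conf;
        }
}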

以上配置可以支持ThinkPHP,CI,ZF等等框架

下面是NGINX官方对于pathinfo提供的解决方法:
fastcgi_split_path_info
syntax: fastcgi_split_path_info regex
context: location
version: ≥ 0.7.31

This directive allows the setting of the SCRIPT_FILENAME (SCRIPT_NAME) and PATH_INFO variables of the CGI specification. The regex consists of two groups:

1. path to the script that will handle the request — corresponding to $fastcgi_script_name.
2. the value of the parameter to be given to the script — corresponding to $fastcgi_path_info.

Here's an example. The script show.php receives as argument the string article/0001. The following configuration will handle path splitting properly:

# Excerpt from the nginx documentation for fastcgi_split_path_info; elided parts are marked "(...)".
location ~ ^.+\.php {
  (...)
  # Group 1 -> $fastcgi_script_name, group 2 -> $fastcgi_path_info. The (?U) flag
  # makes the first group ungreedy so it stops at the first ".php".
  fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
  fastcgi_param SCRIPT_FILENAME /path/to/php$fastcgi_script_name;
  fastcgi_param PATH_INFO $fastcgi_path_info;
  fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
  (...)
}

Requesting /show.php/article/0001 sets SCRIPT_FILENAME to /path/to/php/show.php and PATH_INFO to /article/0001.
Sep 24
由于脚本编写时出错导致可能存在pathinfo漏洞,请所有lnmp用户检查一下php的pathinfo设置!!!

编辑/usr/local/webserver/php/etc/php.ini 文件,搜索 cgi.fix_pathinfo ,如果该行为 `; cgi.fix_pathinfo=0`(行首的分号表示该行被注释掉,这个设置并未生效),请修改为 `cgi.fix_pathinfo=0`(去掉分号)
或直接执行:sed -i 's/; cgi.fix_pathinfo=0/cgi.fix_pathinfo=0/g' /usr/local/webserver/php/etc/php.ini

再执行:/usr/local/webserver/php/sbin/php-fpm restart 重启php-fpm

如果该行已经是 cgi.fix_pathinfo=0(行首没有分号)则没问题,不需要修改。
请各位lnmp(linux+nginx+mysql+php)用户检查一下,防止pathinfo漏洞给网站或服务器带来安全隐患。