Created
October 28, 2019 18:10
-
-
Save simos/9a87bedfcd720ccda0cff54fd06ddd0f to your computer and use it in GitHub Desktop.
Minimal server block for nginx to demonstrate php-fpm security vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See article at https://blog.simos.info/testing-cve-2019-11043-php-fpm-security-vulnerability-with-lxd-system-containers/ | |
| # Location: /etc/nginx/sites-enabled/default | |
| server { | |
| listen 80 default_server; | |
| root /var/www/html; | |
| # Add index.php to the list if you are using PHP | |
| index index.html index.php; | |
| server_name _; | |
| location / { | |
| # First attempt to serve request as file, then | |
| # as directory, then fall back to displaying a 404. | |
| try_files $uri $uri/ =404; | |
| } | |
| # pass PHP scripts to FastCGI server | |
| # | |
| location ~ [^/].php(/|$) { | |
| include fastcgi.conf; | |
| # regex to split $uri to $fastcgi_script_name and $fastcgi_path | |
| fastcgi_split_path_info ^(.+.php)(/.+)$; | |
| # Check that the PHP script exists before passing it | |
| #try_files $fastcgi_script_name =404; | |
| # Bypass the fact that try_files resets $fastcgi_path_info | |
| # see: http://trac.nginx.org/nginx/ticket/321 | |
| set $path_info $fastcgi_path_info; | |
| fastcgi_param PATH_INFO $path_info; | |
| fastcgi_index index.php; | |
| fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment