nginx php hack 보안 설정

nginx php hack 보안 설정방법

php.ini의 cgi.fix_pathinfo 확인

cat /etc/php5/fpm/php/ini | grep cgi.fix_pathinfo
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED suppert for CGI.  PHP's
cgi.fix_pathinfo=1

cgi.fix_pathinfo=1 일경우 cgi.fix_pathinfo=0으로 edit

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED suppert for CGI.  PHP's
cgi.fix_pathinfo=0

참조 URL : http://cnedelcu.blogspot.kr/2010/05/nginx-php-via-fastcgi-important.html
http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP