Let’s look at two configuration snippets that are commonly used to remove execute permission from the upload directory. The Apache configuration is as follows:
Order Allow,Deny
Deny from all
There is also this one, found around the Internet, that removes execute permission from the nginx upload directory:
location ~ ^/upload/.*\.(php|php5)$
{
deny all;
}
On the surface these configurations look fine, and under Windows that is indeed true.
But *nux is different. As everyone knows, *nux operating systems are case-sensitive, so if you change the case of the suffix, for example to *.phP, the rule is bypassed.
Here I will talk about my personal solution:
// In the match pattern, ? introduces the option, i means case-insensitive, and the regular expression that matches the .php string follows the colon
Order Allow,Deny
Deny from all
The above means that PHP files in the /var/www/upload directory are matched without regard to case and are refused execution according to the Order, Allow, and Deny rules. The same idea also applies to nginx.
Note: st0p wrote an article specifically about this regular expression usage; if you don’t understand the regex, you can refer to it:
http://www.jb51.net/article/25673.htm
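To check an existing nginx configuration for the case-sensitivity gap described above, the following added example (not part of the original article) scans regex `location` blocks that contain `deny all;` and lists probe URIs that a case-sensitive `~` rule lets through. The sample configuration, the `/uploads2/` path, the probe URIs and all function names are constructed for illustration; nginx's `~*` modifier is the case-insensitive form of `~`.

```python
import re

# Constructed sample: the article's case-sensitive rule ("~") next to the same
# rule written with nginx's case-insensitive modifier ("~*"). /uploads2/ is made up.
SAMPLE_CONF = r"""
location ~ ^/upload/.*\.(php|php5)$
{
    deny all;
}
location ~* ^/uploads2/.*\.(php|php5)$ {
    deny all;
}
"""

# Assumes simple, unquoted patterns without braces, as in the article.
LOCATION_RE = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{([^}]*)\}")

def deny_rules(conf):
    """Return (modifier, pattern) for each regex location containing 'deny all;'."""
    return [(mod, pat) for mod, pat, body in LOCATION_RE.findall(conf)
            if re.search(r"\bdeny\s+all\s*;", body)]

def is_denied(mod, pattern, uri):
    """Apply the rule the way its modifier asks: '~*' ignores case, '~' does not."""
    flags = re.IGNORECASE if mod == "~*" else 0
    return re.search(pattern, uri, flags) is not None

def case_variants(ext):
    """php -> ['PHP', 'Php', 'pHp', 'phP'] (all-upper plus one letter raised)."""
    out = {ext.upper()}
    for i, ch in enumerate(ext):
        if ch.isalpha():
            out.add(ext[:i] + ch.upper() + ext[i + 1:])
    return sorted(out)

# Constructed probe URIs: each extension in lower case and in its case variants.
PROBES = [f"{d}x.{v}" for d in ("/upload/", "/uploads2/")
          for e in ("php", "php5") for v in [e] + case_variants(e)]

def audit(conf, probes):
    """Map each deny pattern to probes it blocks in lower case but lets through as sent."""
    return {pat: [u for u in probes
                  if is_denied(mod, pat, u.lower()) and not is_denied(mod, pat, u)]
            for mod, pat in deny_rules(conf)}

if __name__ == "__main__":
    for pat, missed in audit(SAMPLE_CONF, PROBES).items():
        print(pat, "->", missed or "no case bypass")
```

An empty list for a pattern means no case variant of the probed extensions escapes that rule.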
Another method, which we have all used:
php_admin_flag engine off