Hi, When looking into my vhost files I noticed the fastcgi_split_path_info directive is not included in my php location blocks. ie: Code: location ~ \.php$ { try_files /2684c31a9ddedd6833f0ac523fee9f1f.htm @php; } location @php { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9011; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_read_timeout 200; } Shouldn't my location @php contain "fastcgi_split_path_info" for safety's sake? I have cgi.fix_pathinfo = 0 in my php.ini Just to be clear, shouldn't the generated vhost files have the following location @php directive? Code: location @php { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9011; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_read_timeout 200; }
As far as I know this settings is not required as we have already "try_files $uri =404;" see: http://serverfault.com/questions/502790/security-issue-on-nginx-php-fastcgi-split-path-info
