SA-CORE-2013-003 errors for Nginx

Events happening in the community are now at Drupal community events on www.drupal.org.
johntang's picture
Posted by johntang on December 8, 2013 at 12:27pm

Hi,

I'm using perusio Nginx config, when I updated to 7.24 on my website status show errors (See on attach)

See http://drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the sites/default/files/private directory to help protect against arbitrary code execution.

I have viewed the issues from https://groups.drupal.org/node/377458, which one is:

If you're using any of the configs recommended on the [Nginx group] (https://groups.drupal.org/nginx) you're safe.

Please tell me how can i fix this problem or hidden these error from page status. I'm using perusio then it's safe for my site?

Many Thanks,

AttachmentSize
drupal.png16.45 KB

Comments

If you're really using

Posted by perusio on December 8, 2013 at 3:15pm
perusio's picture

my config or Grace (omega8cc) config or others similar you are safe.

Bear in mind that I've seen people calling configs with location ~* \.php$ { perusio's config (sic).

Please help improve my

Posted by omega8cc on December 9, 2013 at 12:45pm
omega8cc's picture

Please help improve my patches to get it fixed in Drupal core finally: https://drupal.org/node/1559116

Good Day! Are there any

Posted by mrgoltra on February 25, 2014 at 7:27pm
mrgoltra's picture

Good Day!

Are there any updates on this? Just wondering? Should I just ignore the warning?

Thank you very much,

Mark

mrgoltra, you can just delete

Posted by Garrett Albright on February 25, 2014 at 8:45pm
Garrett Albright's picture

mrgoltra, you can just delete the .htaccess files to make the warning go away. Here's more information.

The Boise Drupal Guy!

Nginx

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: