Drupal SA on uncontrolled PHP execution
There's the Drupal core security advisory just released that talks about the uncontrolled PHP execution. here's some remarks.
-
If you're using the config available on the Nginx wiki you're vulnerable.
That config has a catch all location
location ~ \.php$ {...}
for handling
PHP script execution. -
If you're using any of the configs recommended on the [Nginx group] (https://groups.drupal.org/nginx) you're safe.
Nginx, Mac OS X, Media Module Upload Troubles
Hi, I'm posting this because I'm at my wits end with trying to solve this one issue I'm having.
Read moreNeed advice on setting up BOA for multiple servers in order to clone sites between each server easily
Hi there,
I would like some advice on how to best go about achieving a dev-stage-pro workflow using BOA across multiple servers.
I currently have 3 VPS', (2 with Linode, and another with a local provider). I also have a HP Proliant, at home, that i'm wanting to repurpose as a dev server and throw into the mix.
Read moreClean URLs working fine, pager, overlay and other queries not
In D7 (upgraded from D6) I have managed to get clean URLs working with Nginx thanks to the various help and documentation available here and there online.
What doesn't work are queries of the ?page=1
or ?destination=
type, for some reason.
The config is very similar to: http://docs.ngx.cc/en/latest/topics/apps/drupal.html, particulary the line:
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
and the few preceding lines.
Read moreconverting from apache 2 with mod_fcgid to Nginx on Ubuntu VPS
I am currently running my site on a Ubuntu 12.04 LTS with apache 2, memcache, APC and varnish. I am still using alot of resources with little or no activity on my site. I am thinking about migrating to Nginx. Anyone out there have any experience moving from apache 2 to nginx?
Read moreNginx and ETag/If-None-Match
Hi,
Somebody know if ETag/If-None-Match headers works with Nginx?
With Apache I can add this code:
RewriteRule .* - [E=HTTP_IF_MODIFIED_SINCE:%{HTTP:If-Modified-Since}]
RewriteRule .* - [E=HTTP_IF_NONE_MATCH:%{HTTP:If-None-Match}]
But how I can do that with Nginx?
Thanks
Read moreRedirecting IE9 compatibly with nginx when behind a load balancer
I'm having a nightmarish problem getting IE 9 to redirect from http to https. I've looked at a discussion from about a year ago (http://groups.drupal.org/node/206813), but in that case, nginx is in complete control.
In my case, I'm in AWS, and https is actually getting handled by an elastic load balancer (ELB), which is proxying over to nginx over port 80, and setting http_x_forwarded_proto:
<
pre>
#x_forwarded_proto stuff for elb/https issues - see http://daniel.hahler.de/handle-x-forwarded-proto-in-backend-nginx
set $my_https "off";
Which PHP files of core and modules must be accessible from browser?
First of all, excuse my English. I hope you can understand what I want to ask.
For a long time I have used this NginX config as a template for mine own, but I am very unsatisfied with it's security concerning PHP files. I mean, there are only some PHP files which a really needed for Drupal to work: index.php, update.php and cron.php (install.php used only once and I don't use any features of xmlrpc.php). So I want to rewrite my NginX config to grant access only for enlisted PHP files.
Read moreclean URLs on nginx
Hi.
I posted a nginx question with some configs in the drupal.org post-installation forum. Would anybody have a few minutes to review the config I posted and tell me if they see anything blatently wrong? I simply cannot get clean URLs to work. The config I'm adapting is the boost one, and to note may be that the last commit to that repo was over 3 years ago so maybe there's something new?
Nginx config can not get the rewrite right on EC2. Message "The requested page "/" could not be found."
I have been working on this for a few days now and I can not get it to work. I am having the same error after every install on my amazon EC2. I have done the exact steps as on my local machine and it will not work for me on my EC2 server. I am getting to the end of the installation right after it asks for the databases info and it goes to a page saying "Page not found. The requested page "/" could not be found." this is being displayed in the Drupal default theme so it is working. If you are reading this before I get it fixed check out dutgriff.com to see what it is displaying.
Read more