external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2887 from holta/nginx-cgi-bin-security

Browse source 
NGINX Security Risk: Remove /cgi-bin access to /usr/lib ?
This commit is contained in:
A Holt 2021-07-30 17:07:01 -04:00 committed by GitHub
commit 3bb1812a02
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
roles/nginx/templates/server.conf.j2
View file

@ -20,9 +20,10 @@ server {
include fastcgi_params;
}
location /cgi-bin {
root /usr/lib;
}
# 2021-07-30: Security risk identified by @tim-moody
#location /cgi-bin {
# root /usr/lib;
#}
# if you don't like seeing all the errors for missing favicon.ico in root
location = /favicon.ico { access_log off; log_not_found off; }