external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2887 from holta/nginx-cgi-bin-security

Browse source 
NGINX Security Risk: Remove /cgi-bin access to /usr/lib ?
This commit is contained in:
A Holt 2021-07-30 17:07:01 -04:00 committed by GitHub
commit 3bb1812a02
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
roles/nginx/templates/server.conf.j2
View file

@ -20,9 +20,10 @@ server {
include fastcgi_params; include fastcgi_params;
} }
location /cgi-bin { # 2021-07-30: Security risk identified by @tim-moody
root /usr/lib; #location /cgi-bin {
} # root /usr/lib;
#}
# if you don't like seeing all the errors for missing favicon.ico in root # if you don't like seeing all the errors for missing favicon.ico in root
location = /favicon.ico { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; }