ENXF NET
Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
- Joined
- Nov 13, 2018
- Messages
- 24,726
- Points
- 823
In XenForo 2.x manual, where nginx webserver configuration described, there's a potential security fault related to php scripts:
xenforo.com
With this setup, every visitor still can execute any php scripts behind protected folders, like src, internal_data, etc
All protected routes need to have
NGINX:
Read more
Continue reading...
Friendly URLs | Manual | XenForo
End-user documentation for XenForo
With this setup, every visitor still can execute any php scripts behind protected folders, like src, internal_data, etc
All protected routes need to have
^~ at the beginning of path, so the final version should look like this:NGINX:
Code:
location ^~ /xf/install/data/ {
internal;
}
location ^~...Read more
Continue reading...