Edit report at https://bugs.php.net/bug.php?id=55181&edit=1

 ID:                 55181
 Updated by:         f...@php.net
 Reported by:        f...@php.net
 Summary:            Enhance security by limiting the script extension
-Status:             Open
+Status:             Analyzed
 Type:               Feature/Change Request
 Package:            FPM related
 Operating System:   any
 PHP Version:        5.3.6
-Assigned To:        
+Assigned To:        fat
 Block user comment: N
 Private report:     N



Previous Comments:
------------------------------------------------------------------------
[2011-07-11 08:29:37] f...@php.net

Description:
------------
If the web server in front of FPM is misconfigured, FPM can parse and execute
PHP code from any kind of file (test.php, test.txt, test.jpg, test.css, ...).

It should be possible to limit the extension of the primary script FPM will 
execute.

Something like (in pool configuration)
security.limit_extensions = .php

If the primary script does not end with .php, an access denied is returned
(403).



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=55181&edit=1
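
An added example, not part of the bug report or of PHP-FPM's code: a small audit of pool configuration for the directive proposed above, plus the suffix check it describes. It assumes the value is a space-separated list of extensions and that an absent or empty value means no limit; the pool names and sample configuration are constructed.

```python
import configparser

# Constructed sample pool configuration (not from the bug report).
SAMPLE_POOLS = """
[www]
listen = 127.0.0.1:9000
security.limit_extensions = .php

[uploads]
listen = 127.0.0.1:9001
security.limit_extensions = .php .jpg

[legacy]
listen = 127.0.0.1:9002
"""

DIRECTIVE = "security.limit_extensions"

def load_limits(text):
    """Return {pool: [extensions]}; a pool without the directive maps to None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    limits = {}
    for pool in cp.sections():
        raw = cp.get(pool, DIRECTIVE, fallback=None)
        # Assumption: the value is a space-separated list of extensions.
        limits[pool] = None if raw is None else raw.split()
    return limits

def status_for(script, extensions):
    """403 unless the primary script ends with an allowed extension."""
    if not extensions:  # absent or empty: assumed to mean no limit
        return 200
    return 200 if any(script.endswith(e) for e in extensions) else 403

def audit(text, allowed=(".php",)):
    """List pools whose limit is absent, empty, or wider than `allowed`."""
    findings = []
    for pool, exts in load_limits(text).items():
        if not exts:
            findings.append((pool, "no extension limit"))
        elif set(exts) - set(allowed):
            extra = sorted(set(exts) - set(allowed))
            findings.append((pool, "also executes " + " ".join(extra)))
    return findings

if __name__ == "__main__":
    for pool, problem in audit(SAMPLE_POOLS):
        print(f"{pool}: {problem}")
```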
