Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey Pugovkin2017-05-28 20:28:08
Nginx
Sergey Pugovkin, 2017-05-28 20:28:08

Is it possible in nginx to rise above the document root via the request URI?

nginx.org/ru/docs/http/ngx_http_core_module.html#v...

$request_filename
path to the file for the current request, formed from the root or alias directives and the request URI

And if a URI like '/../../../etc'. Does nginx take this into account by limiting the request to the document root?
Would such a design be safe?
root /home/sergey/www;
location / {
    try_files $uri $uri/ =404;
}
location ~ \.lua$ {
    default_type text/html;
    content_by_lua_file $request_filename;
}

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
B
Boris Korobkov, 2017-05-28
@Driver86

Safely. You can't rise above root by specifying "../" in a URI.

Similar questions
Y
Yugg02022-03-29 15:58:04
How to implement a given ScriptableObject function in Unity? 3Reply
Y
Yan2019-02-15 18:20:12
When deleting a file/folder, do I need to refresh the folder/desktop to make it disappear? 3Reply
N
Nikita2014-08-19 12:04:02
How to set up PHP via fastCGI/Nginx in ubuntu server 14.04 in virtualbox with access forwarding from host machine? 2Reply
T
Tesla2016-08-31 14:11:19
How to fix file permissions? 1Reply
H
HocReal2016-09-01 16:19:25
How to configure nginx redirect with exception by url? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question