From b4b83eca41f9f782188133b7b1ac7e483924684a Mon Sep 17 00:00:00 2001
From: anmol26s
Date: Sat, 5 May 2018 13:31:19 +0530
Subject: [PATCH] Futher fixed [Nginx] HTTP-Splitting vulnerability
---
 conf/nginx.conf | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index f375096f..efa84d83 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -31,17 +31,19 @@
 # by denying dot files and rewrite request to the front controller
 location ^~ /.well-known/ {
 allow all;
- rewrite ^/(.*) /index.php?q=$uri&$args last;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?q=$1;
+ }
 }
 # statically serve these file types when possible
 # otherwise fall back to front controller
 # allow browser to cache them
 # added .htm for advanced source code editor library
- location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
- expires 30d;
- try_files $uri /index.php?q=$uri&$args;
- }
+ #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?q=$uri&$args;
+ # }
 # block these file types
 location ~* \.(tpl|md|tgz|log|out)$ {
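Review bot: The second change in this hunk comments out the static-file `location` instead of repairing it, so `expires 30d` is lost and requests for those extensions are now handled by whichever other location matches, which is not visible in this hunk and should be checked. The block can stay if its fallback stops putting the raw `$uri` into the query string, using the same form the commit applies to `/.well-known/`: keep `expires 30d;` and replace the `try_files` line with `if (!-e $request_filename) { rewrite ^(.*)$ /index.php?q=$1; }`. If the block really is meant to go, delete it together with the four comment lines above it, which otherwise describe behaviour the config no longer has. It would also help to add a comment above the new `if` such as `# use the rewrite capture, not $uri (decoded path), when building q=` so the reason for this form is not lost in a later edit.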