0x00 test environment 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0 "alt=" nginx Security Configuration Research "src=" http:// S8.51cto.com/wyfs02/m02/23/37/wkiol1m1giqgyosxaaa1uofgzue701.jpg "width=" 333 "height=" 244 "/> Operating system: CentOS6.5 Web server: Nginx1.4.6 PHP Version: php5.4.260x01 nginx Introduction Nginx itself can not handle PHP, it is just a Web server, when the request, if it is a PHP request, then sent to the PHP interpreter processing, and return the results to the client. Nginx is generally the request to send fastcgi management process processing, FASTCGI management process Select the CGI subprocess processing results and return to be nginx. Nginx involves two accounts, one is Nginx's running account and one is PHP-FPM's running account. If you are accessing a static file, you only need the Nginx run account to have read access to the file, and if you are accessing a PHP file, you first need to nginx the running account to have read access to the file, read to the file after the discovery is a PHP file, then forwarded to PHP-FPM, At this point, you need the PHP-FPM account to have read access to the file. Conclusion of the 0X02 study found 1. Under Linux, to read a file, you first need to have execute permissions on the folder where the file resides, and then you need to read permissions on the file. 2. php file execution does not require file execution permissions, only Nginx and PHP-FPM run account Read permissions. 3. Upload the Trojan, can not list the contents of a folder, with the PHP-FPM running account of the folder Read permissions. 4. The authority of the Trojan to execute the command is related to the PHP-FPM's account. 5. If the Trojan is to carry out the order, need PHP-FPM account to the corresponding SH has the execution authority. 6. To read a file within a folder, you do not need to have Read permissions on the folder, you need only execute permissions on the folder. 0X03 Nginx server involves security Configuration 1. Configuration of the Nginx.conf 2. Php-fpm.conf 3. The Nginx and PHP-FPM run accounts have permissions configured on the disk 4. PHP.ini Configuration 1 2 3 Next >> view full-text navigation 1th page: Nginx introduction page 2nd: Common needs Configuration Method 3rd: Nginx Security Configuration Scheme Original: Nginx Security Configuration Study (1) Return to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.