- Implemented FR #55181 (Enhance security by limiting access to user defined extensions)

author: Jérôme Loyet <fat@php.net> 2011-07-12 23:00:42 +0000
committer: Jérôme Loyet <fat@php.net> 2011-07-12 23:00:42 +0000
commit: 2f0a379c03aa152c3aba0193efd94eed2dbbe6b9 (patch)
tree: fac1e3f098f40a1fed3058e35a2580afc56601aa /sapi/fpm/php-fpm.conf.in
parent: 0909cafc7d9bb4fdb6f1d9cd9e7a53cd0f2fb619 (diff)
download: php-git-2f0a379c03aa152c3aba0193efd94eed2dbbe6b9.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in
index b3151c0a99..8c9d4bb406 100644
--- a/sapi/fpm/php-fpm.conf.in
+++ b/sapi/fpm/php-fpm.conf.in
@@ -421,6 +421,14 @@ pm.max_spare_servers = 3
 ; process time (several ms).
 ; Default Value: no
 ;catch_workers_output = yes
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; exectute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5
  
 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
 ; the current environment.
author	Jérôme Loyet <fat@php.net>	2011-07-12 23:00:42 +0000
committer	Jérôme Loyet <fat@php.net>	2011-07-12 23:00:42 +0000
commit	2f0a379c03aa152c3aba0193efd94eed2dbbe6b9 (patch)
tree	fac1e3f098f40a1fed3058e35a2580afc56601aa /sapi/fpm/php-fpm.conf.in
parent	0909cafc7d9bb4fdb6f1d9cd9e7a53cd0f2fb619 (diff)
download	php-git-2f0a379c03aa152c3aba0193efd94eed2dbbe6b9.tar.gz