Question about best practice with the cgi.fix_pathinfo setting.

Most online tutorials and guides suggest chaning the cgi.fix_pathinfo to 0 in the php.ini file

You should have "cgi.fix_pathinfo = 0;" in php.ini

But ee does not do this, any reason why this choice was made?



This guide run fine on php.ini cgi.fix_pathinfo = 1 (the default). Some guide insist to change it to cgi.fix_pathinfo = 0 but doing that make PHP_SELF variable broken (not equal to DOCUMENT_URI).


Why you need to set that varible 0, can you elaborate that?


@datagroove I am aware of that recommendation but we use nginx’s try_files directive.

So security issue associated with cgi.fix_pathinfo = 1 never gets into picture.

cgi.fix_pathinfo = 0 still makes sense when PHP-FPM and Nginx is on different server. But in cluster/multi-server configuration also, we make sure every instance has Nginx on front-end. So we never need cgi.fix_pathinfo = 0.

Apart from this, there are many more advantages of try_files directive so it is used everywhere.


Hi @datagroove

It’s been a long time, and we haven’t heard from you. It looks like your query is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any queries further. :slight_smile: