Cgi.fix_pathinfo

Question about best practice with the cgi.fix_pathinfo setting.

Most online tutorials and guides suggest changing cgi.fix_pathinfo to 0 in the php.ini file:

You should have "cgi.fix_pathinfo = 0;" in php.ini

But ee does not do this. Any reason why this choice was made?

Hi,

This guide runs fine with php.ini cgi.fix_pathinfo = 1 (the default). Some guides insist on changing it to cgi.fix_pathinfo = 0, but doing that makes the PHP_SELF variable broken (not equal to DOCUMENT_URI).

Ref: http://wiki.nginx.org/PHPFcgiExample

Why do you need to set that variable to 0? Can you elaborate on that?

@datagroove I am aware of that recommendation but we use nginx’s try_files directive.

So the security issue associated with cgi.fix_pathinfo = 1 never comes into the picture.

cgi.fix_pathinfo = 0 still makes sense when PHP-FPM and Nginx are on different servers. But in a cluster/multi-server configuration too, we make sure every instance has Nginx on the front end. So we never need cgi.fix_pathinfo = 0.

Apart from this, there are many more advantages of the try_files directive, so it is used everywhere.
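For readers following the thread, the try_files guard described in the reply above looks like this in an nginx server block. This is an added example, not ee's actual configuration or anything posted by the participants; the server name, document root and PHP-FPM socket path are assumed values.

```nginx
# Added example. server_name, root and the socket path are assumptions.
server {
    listen 80;
    server_name example.test;
    root /var/www/example;
    index index.php;

    location / {
        # Serve the file or directory if it exists, else fall back to the front controller.
        try_files $uri $uri/ /index.php?$args;
    }

    # Unguarded form, shown commented out for comparison.
    # Every URI ending in .php is handed to PHP-FPM whether or not that
    # file exists, and with cgi.fix_pathinfo = 1 PHP itself then works out
    # which part of the path is the script to run.
    #
    # location ~ \.php$ {
    #     include fastcgi_params;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     fastcgi_pass unix:/run/php/php-fpm.sock;
    # }

    # Guarded form: nginx confirms the requested .php file exists under
    # root before passing anything on, and answers 404 itself otherwise.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

try_files tests the filesystem of the host nginx runs on, which is why the reply treats the case where PHP-FPM and Nginx sit on different servers separately: there the check only helps if nginx sees the same files as PHP-FPM.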

Hi @datagroove

It’s been a long time, and we haven’t heard from you. It looks like your query is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any further queries. :slight_smile: