Clement Nedelcu's Development Journal

A critical security issue has recently been pointed out on servers that run Nginx and PHP via FastCGI. The issue allows anyone to execute their own PHP code on the system, I don't think I have to remind you of the consequences this could have. I will attempt to provide a simple explanation of the issue and more importantly how to fix it. What is the issue? I would like to begin by discussing the nature of the problem: it is not caused by Nginx itself - it is not a bug or a security breach in itself. Actually, it is the way that people usually configure Nginx FastCGI options to work with PHP, and how PHP reacts to that configuration. Pretty much everyone adopts the same configuration without being aware of the issue. The issue itself can be understood simply, then I will explain why PHP behaves that way. Most dynamic websites allow for a reason or another uploading of files. Say, I'm running a forum-based community, users can upload images to use as personal photo or ava...

Today I'll write about something I experienced personally, on my websites. Some visitors reported that they were getting a "400 Bad Request" Nginx error randomly when visiting pages. And when they start getting that error, they can't access the site anymore: it'll output the same error no matter the page, until you "clear your cache and cookies". The error is easily understandable and is likely to be caused by... too much cookie data. Every time a visitor loads *any* page/content/file of your website, it sends the cookie data to the server. Cookie data is sent under the form of 1 header line starting with "Cookie: ". Basically, Nginx by default is configured to accept header lines of a maximum size of 4 kilobytes. When a line in the headers exceeds 4 kilobytes, Nginx returns the '400 Bad Request' error. Cookie data sometimes gets big, so it causes the error. It particularly happens on forums like vBulletin, Invision and others...

Hello! So I was looking into solutions for saving a MMS stream on my server. My connection at home isn't fast enough so I cant watch most of the streams, I'd rather have those downloaded by my dedicated server and then I download the file off my server. I first looked into mimms : http://savannah.nongnu.org/download/mimms/ Unfortunately it was written in Python and I was missing Python 2.5. After struggling with my system I couldn't get it to work (missing dependencies one after the other). So I kept looking and I found mmsclient . The official website: http://ole.tange.dk/projekter/kontroversielt/www.geocities.com/majormms/ (actually a copy of the site, which was hosted on Geocities previously). Scroll down to the bottom of the page where it says "mmsclient". You will find a link to download it. I've mirrored the link here just in case: http://gbatemp.net/up/mms_client-0.0.3.tar.gz To install mmsclient, follow these simple steps: 1) Download the ...