New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
It definitively convinced me to switch to H2O.
I switched from Apache to nginx, long ago, because it was consuming way less resources, then, I started to look at other web servers (because you always need to have a Plan B, just in case), and I liked H2O a lot.
If you chose Apache, you settled for a Chevrolet.
Ok, I was afraid you will tell me I settled for Geely or Tata. Chevrolet is still driveable.
I guess I will learn and use Nginx if my websites crashes from too much traffic. It is a happy problem if that happens.
I own and drive a Tata 11 years and counting. Held together by duct tape in some areas. But I wouldn't trade my horse for anything that treads (to quote Shakespeare).
In my case, added lighttpd to make the party complete.
And in the light of what I wrote about the car, traffic and crashes are not desirable for me.Cheers
OpenLiteSpeed is quite a decent alternative to nginx. Same or even better performance.
Put it in H!
A Chevy is fine for me!
I was using nginx with php-fpm, but apparently my server did not have this vulnerability.
This happens is you are running php-fpm with this configuration:
However I was running php with:
And was not able to run this exploit as it as based on the regex for "fastcgi_split_path_info" which I don't have.
Hope this helps someone.
Edit:
Forgot to mention that I'm running nginx due to its low memory usage and the fact that I'm using it as a reverse proxy.
My main site runs on the slow apache as I prefer running fcgi (I think) where php runs as individual user, and not as www-data or single user.
Check your 'fastcgi_params'. It sometimes is there but you are safe since you are using 'try_files $uri =404'.
no, it only contains this:
It is used to define some global values as fastcgi does not have them by default.