On 10/31/19 10:49 AM, Thomas Stephen Lee wrote: > Hi, > > what is the workaround for this? > > https://www.nginx.com/blog/php-fpm-cve-2019-11043-vulnerability-nginx/ > > in either CentOS 7 or 8 ? > > thanks > > --- > Thomas Stephen Lee > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos The simplest is to conditionally set PATH_INFO if it's not empty: fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty; Another option is to explicitly test whether the fastcgi script path exists : if (!-f $document_root$fastcgi_script_name) { return 404; } -- Marius