Manual talk:Short URL/Page title - nginx, Root Access, PHP as a CGI module

Can we get explanation from User:Dantman why he keeps adding the bad shorturl header? The methods described work fine and are extensively tested running against millions of users on a daily basis. As well, this header being added directs people to a personal/commercial site of User:Dantman. Alexia E. Smith (talk) 16:54, 13 August 2014 (UTC)Reply

The configuration for example allows access to .htpasswd files, to deleted uploads and to folders like maintenance/, cache/ and so on, which are not receiving any protection. And these are just a few shortcomings, which I spotted on a quick glance. As long as we do not have a proper setup guide here on mediawiki.org (which in big parts would only mirror the one from redworks btw), at least linking their guide is perfectly fine, if it is not a necessity. --2003:72:6D7B:EF00:FC02:E1BB:250A:C424 12:48, 24 June 2017 (UTC)Reply

And deleted images, which should no longer be accessible from the web, are not protected as well. --2003:72:6D2C:2A00:3105:BC0F:227A:92D3 07:05, 16 July 2017 (UTC)Reply

The warning on this page is confusing to understand. Is the provided nginx configuration still exposing dangerous files? If using the redwerks service do you have to use a mixture of the provided nginx configuration with some sections replaced with the provided redwerks information? Mediabobedit (talk) 00:02, 16 September 2023 (UTC)Reply