Some users posted they had an issue with the pathinfo fix messing up their wordpress urls..

I tried this solution:

Code: 
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 1y;
log_not_found off;
}

  location ~ \.php$ {
  include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /home/www/dubstepremix.org/public_html$fastcgi_script_name;
  if ($uri !~ "^/images/") {
    fastcgi_pass 127.0.0.1:9000;
  
}
    
  }
}
I added that to the end of my individual site Conf file. Hopefully thats right.

I did try http://mywebsite.com/images/picture.png/index.php, it now correctly gives the 404 Error.

EDIT: Just saw your 2nd post after posting this one, ...arggh now I have to check what version of Nginx I have an update it too lol. Thanks for bringing these things up!


After publishing my previous blog post on PHP, nginx configuration, and potential arbitrary code execution, I came across a separate null-byte injection vulnerability in older versions of nginx (0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37). By taking advantage of this vulnerability, an attacker can cause a server that uses PHP-FastCGI to execute any publicly accessible file on the server as PHP.
I have version 1.02 of Nginx on PHP-FPM, I guess that should be okay?
LuDo8 Reviewed by LuDo8 on . Securing php-fpm with nginx Found this one while searching how to secure php-fpm. Source: https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ Rating: 5