summaryrefslogtreecommitdiff
path: root/nginx-confgen.pod
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2020-12-13 21:30:54 +0100
committerYorhel <git@yorhel.nl>2020-12-13 21:30:54 +0100
commitf53184496fc369c0c3ec99432c9b7b79434b0621 (patch)
tree3da006e1446fffa8a021ac1e42dad40f2bc1bf7f /nginx-confgen.pod
parent8ce4dd84f8914823536e75cf3adcecdb1c615b77 (diff)
Minor doc fixes
Diffstat (limited to 'nginx-confgen.pod')
-rw-r--r--nginx-confgen.pod10
1 files changed, 5 insertions, 5 deletions
diff --git a/nginx-confgen.pod b/nginx-confgen.pod
index 735a4cc..356b6dd 100644
--- a/nginx-confgen.pod
+++ b/nginx-confgen.pod
@@ -23,8 +23,8 @@ transformations and generate incorrect configuration files. Comments in the
input file will not be present in the output. See also the L</BUGS & WARTS>
below.
-B<WARNING:> Do NOT use nginx-confgen with untrusted input, the C<pre_exec>
-directive allows, by design, arbitrary code execution.
+B<SECURITY CONSIDERATION:> Do NOT use nginx-confgen with untrusted input, the
+C<pre_exec> directive allows arbitrary code execution by design.
=head1 OPTIONS
@@ -91,12 +91,12 @@ variables are assumed to be run-time variables for nginx and will be left alone
without warning. For example:
pre_set $ip 127.0.0.1;
- deny $ip; # This will output as: block 127.0.0.1;
- deny $otherip; # This will output as: block $otherip;
+ deny $ip; # This will output as: deny 127.0.0.1;
+ deny $otherip; # This will output as: deny $otherip;
=head2 pre_exec
-Run a shell command, and store the output in a variable. For example, nginx
+Run a shell command and store the output in a variable. For example, nginx
will not use your system's DNS resolution methods to resolve domain names.
Instead you need to manually set a C<resolver> address. With the following hack
you can fetch the nameserver from C</etc/resolv.conf> and use that as the