Nginx (engine x) is a high-performance HTTP and reverse proxy server, as well as an IMAP/POP3/SMTP server. Nginx is often used as a reverse proxy: dynamic requests are passed to the back-end ports with proxy_pass, while static files are served by Nginx itself.
If the static files are stored in the /home/ directory and are served under the files directory name in the URL, you need to map that location to the directory with the alias directive.
In this case, a request for http://example.com/files/readme.txt returns the file /home/readme.txt.
However, note that the /files location in the URL has no trailing /, while the /home/ alias does have one.
This mismatch lets a request move from the /home/ directory up to its parent directory.
And then we get an arbitrary file download vulnerability.
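The following Python sketch is an added example, not code from the original article: it flags location/alias pairs with the trailing-slash mismatch described above and models how the matched prefix is replaced by the alias value. The sample configuration, the /docs/ location, the request paths and all function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample config. The first location mirrors the article's setup
# (prefix "/files" without a trailing slash, alias "/home/" with one); the
# second shows the consistent form with a slash on both sides.
SAMPLE_CONF = """
server {
    location /files {
        alias /home/;
    }
    location /docs/ {
        alias /srv/docs/;
    }
}
"""

# Plain prefix locations only (no "=", "~" or "^~" modifiers), with the
# alias directive directly inside the location block.
LOCATION_ALIAS = re.compile(
    r"location\s+(?P<prefix>/\S*)\s*\{[^{}]*?\balias\s+(?P<alias>[^;\s]+)\s*;",
    re.S,
)

def find_mismatches(conf):
    """Return (prefix, alias) pairs where the alias ends in '/' but the prefix does not."""
    return [
        (m["prefix"], m["alias"])
        for m in LOCATION_ALIAS.finditer(conf)
        if m["alias"].endswith("/") and not m["prefix"].endswith("/")
    ]

def map_uri(prefix, alias, uri):
    """Model the alias mapping: the matched prefix is replaced by the alias value."""
    if not uri.startswith(prefix):
        return None  # the request does not match this location
    return posixpath.normpath(alias + uri[len(prefix):])

def stays_inside(alias, path):
    """True if the resolved path is still under the aliased directory."""
    root = posixpath.normpath(alias)
    return path == root or path.startswith(root + "/")

if __name__ == "__main__":
    for prefix, alias in find_mismatches(SAMPLE_CONF):
        print(f"mismatch: location {prefix} -> alias {alias}")
```

Writing the location as /files/ so that both sides end in a slash removes the mismatch, because a request whose path does not continue with / after files no longer matches the location.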