From: Olivier DOSSMANN <olivier+git@dossmann.net>
Date: Mon, 14 Nov 2016 10:58:26 +0000 (+0100)
Subject: fix #2582 - Nginx config: disable all other PHP file from symphony
X-Git-Tag: 2.1.4~9^2
X-Git-Url: https://git.immae.eu/?p=github%2Fwallabag%2Fwallabag.git;a=commitdiff_plain;h=ccad5d7629acec38bcc36a8ea6e6cfe8ef4f1f02

fix #2582 - Nginx config: disable all other PHP file from symphony

Regarding
https://www.nginx.com/resources/wiki/start/topics/recipes/symfony/ we
need to limit access to config.php and make_dev.php files from Nginx.
That's why we return 404 error page for these files.
---

diff --git a/docs/de/user/installation.rst b/docs/de/user/installation.rst
index 35a30f52..131aa1f8 100644
--- a/docs/de/user/installation.rst
+++ b/docs/de/user/installation.rst
@@ -187,6 +187,12 @@ Angenommen du willst wallabag in das Verzeichnis ``/var/www/wallabag`` installie
             internal;
         }
 
+        # return 404 for all other php files not matching the front controller
+        # this prevents access to other php files you don't want to be accessible.
+        location ~ \.php$ {
+            return 404;
+        }
+
         error_log /var/log/nginx/wallabag_error.log;
         access_log /var/log/nginx/wallabag_access.log;
     }
diff --git a/docs/en/user/installation.rst b/docs/en/user/installation.rst
index 45e14616..77ef60a8 100644
--- a/docs/en/user/installation.rst
+++ b/docs/en/user/installation.rst
@@ -186,6 +186,12 @@ Assuming you installed wallabag in the ``/var/www/wallabag`` folder, here's the
             internal;
         }
 
+        # return 404 for all other php files not matching the front controller
+        # this prevents access to other php files you don't want to be accessible.
+        location ~ \.php$ {
+            return 404;
+        }
+
         error_log /var/log/nginx/wallabag_error.log;
         access_log /var/log/nginx/wallabag_access.log;
     }
diff --git a/docs/fr/user/installation.rst b/docs/fr/user/installation.rst
index 4f94d6c8..f6afcda6 100644
--- a/docs/fr/user/installation.rst
+++ b/docs/fr/user/installation.rst
@@ -183,6 +183,12 @@ En imaginant que vous vouliez installer wallabag dans le dossier ``/var/www/wall
             internal;
         }
 
+        # return 404 for all other php files not matching the front controller
+        # this prevents access to other php files you don't want to be accessible.
+        location ~ \.php$ {
+            return 404;
+        }
+
         error_log /var/log/nginx/wallabag_error.log;
         access_log /var/log/nginx/wallabag_access.log;
     }