From ccad5d7629acec38bcc36a8ea6e6cfe8ef4f1f02 Mon Sep 17 00:00:00 2001
From: Olivier DOSSMANN <olivier+git@dossmann.net>
Date: Mon, 14 Nov 2016 11:58:26 +0100
Subject: [PATCH] fix #2582 - Nginx config: disable all other PHP file from
 symphony

Regarding
https://www.nginx.com/resources/wiki/start/topics/recipes/symfony/ we
need to limit access to config.php and make_dev.php files from Nginx.
That's why we return 404 error page for these files.
---
 docs/de/user/installation.rst | 6 ++++++
 docs/en/user/installation.rst | 6 ++++++
 docs/fr/user/installation.rst | 6 ++++++
 3 files changed, 18 insertions(+)

diff --git a/docs/de/user/installation.rst b/docs/de/user/installation.rst
index 35a30f52..131aa1f8 100644
--- a/docs/de/user/installation.rst
+++ b/docs/de/user/installation.rst
@@ -187,6 +187,12 @@ Angenommen du willst wallabag in das Verzeichnis ``/var/www/wallabag`` installie
             internal;
         }
 
+        # return 404 for all other php files not matching the front controller
+        # this prevents access to other php files you don't want to be accessible.
+        location ~ \.php$ {
+            return 404;
+        }
+
         error_log /var/log/nginx/wallabag_error.log;
         access_log /var/log/nginx/wallabag_access.log;
     }
diff --git a/docs/en/user/installation.rst b/docs/en/user/installation.rst
index 45e14616..77ef60a8 100644
--- a/docs/en/user/installation.rst
+++ b/docs/en/user/installation.rst
@@ -186,6 +186,12 @@ Assuming you installed wallabag in the ``/var/www/wallabag`` folder, here's the
             internal;
         }
 
+        # return 404 for all other php files not matching the front controller
+        # this prevents access to other php files you don't want to be accessible.
+        location ~ \.php$ {
+            return 404;
+        }
+
         error_log /var/log/nginx/wallabag_error.log;
         access_log /var/log/nginx/wallabag_access.log;
     }
diff --git a/docs/fr/user/installation.rst b/docs/fr/user/installation.rst
index 4f94d6c8..f6afcda6 100644
--- a/docs/fr/user/installation.rst
+++ b/docs/fr/user/installation.rst
@@ -183,6 +183,12 @@ En imaginant que vous vouliez installer wallabag dans le dossier ``/var/www/wall
             internal;
         }
 
+        # return 404 for all other php files not matching the front controller
+        # this prevents access to other php files you don't want to be accessible.
+        location ~ \.php$ {
+            return 404;
+        }
+
         error_log /var/log/nginx/wallabag_error.log;
         access_log /var/log/nginx/wallabag_access.log;
     }
-- 
2.41.0