From ccad5d7629acec38bcc36a8ea6e6cfe8ef4f1f02 Mon Sep 17 00:00:00 2001 From: Olivier DOSSMANN Date: Mon, 14 Nov 2016 11:58:26 +0100 Subject: fix #2582 - Nginx config: disable all other PHP file from symphony Regarding https://www.nginx.com/resources/wiki/start/topics/recipes/symfony/ we need to limit access to config.php and make_dev.php files from Nginx. That's why we return 404 error page for these files. --- docs/de/user/installation.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/de') diff --git a/docs/de/user/installation.rst b/docs/de/user/installation.rst index 35a30f52..131aa1f8 100644 --- a/docs/de/user/installation.rst +++ b/docs/de/user/installation.rst @@ -187,6 +187,12 @@ Angenommen du willst wallabag in das Verzeichnis ``/var/www/wallabag`` installie internal; } + # return 404 for all other php files not matching the front controller + # this prevents access to other php files you don't want to be accessible. + location ~ \.php$ { + return 404; + } + error_log /var/log/nginx/wallabag_error.log; access_log /var/log/nginx/wallabag_access.log; } -- cgit v1.2.3