From ccad5d7629acec38bcc36a8ea6e6cfe8ef4f1f02 Mon Sep 17 00:00:00 2001 From: Olivier DOSSMANN Date: Mon, 14 Nov 2016 11:58:26 +0100 Subject: fix #2582 - Nginx config: disable all other PHP file from symphony Regarding https://www.nginx.com/resources/wiki/start/topics/recipes/symfony/ we need to limit access to config.php and make_dev.php files from Nginx. That's why we return 404 error page for these files. --- docs/en/user/installation.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/en/user') diff --git a/docs/en/user/installation.rst b/docs/en/user/installation.rst index 45e14616..77ef60a8 100644 --- a/docs/en/user/installation.rst +++ b/docs/en/user/installation.rst @@ -186,6 +186,12 @@ Assuming you installed wallabag in the ``/var/www/wallabag`` folder, here's the internal; } + # return 404 for all other php files not matching the front controller + # this prevents access to other php files you don't want to be accessible. + location ~ \.php$ { + return 404; + } + error_log /var/log/nginx/wallabag_error.log; access_log /var/log/nginx/wallabag_access.log; } -- cgit v1.2.3