diff --git a/conf/nginx.conf b/conf/nginx.conf index 08b68fa..ba230ca 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -13,12 +13,19 @@ location __PATH__/ { more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-XSS-Protection: 1; mode=block"; - index index.php; + index index.php; - ## only allow accessing the following php files - location ~ ^/(index|matomo|piwik|js/index|plugins/HeatmapSessionRecording/configs)\.php$ { - fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/ - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; #replace with the path to your PHP socket file + try_files $uri $uri/ =404; + + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; } ## deny access to all other .php files @@ -27,12 +34,10 @@ location __PATH__/ { return 403; } - try_files $uri $uri/ =404; - ## disable all access to the following directories location ~ ^__PATH__/(config|tmp|core|lang) { deny all; - return 403; # replace with 404 to not show these directories exist + return 404; } location ~ __PATH__/\.ht {