@@ -305,6 +305,12 @@ The **minimum configuration** to get your application running under Nginx is:
305305 # Remove the internal directive to allow URIs like this
306306 internal;
307307 }
308+
309+ # return 404 for all other php files not matching the front controller
310+ # this prevents access to other php files you don't want to be accessible.
311+ location ~ \.php$ {
312+ return 404;
313+ }
308314
309315 error_log /var/log/nginx/project_error.log;
310316 access_log /var/log/nginx/project_access.log;
@@ -318,10 +324,10 @@ The **minimum configuration** to get your application running under Nginx is:
318324..tip ::
319325
320326 This executes **only ** ``app.php ``, ``app_dev.php `` and ``config.php `` in
321- the web directory. All other files will beserved as text . You **must **
322- also make sure that if you *do * deploy ``app_dev.php `` or ``config.php ``
323- that these files are secured and not available to any outside user (the
324- IP address checking code at the top of each file does this by default).
327+ the web directory. All other files will bedenied . You **must ** also make
328+ sure that if you *do * deploy ``app_dev.php `` or ``config.php `` that these
329+ files are secured and not available to any outside user (the IP address
330+ checking code at the top of each file does this by default).
325331
326332 If you have other PHP files in your web directory that need to be executed,
327333 be sure to include them in the ``location `` block above.