Drupal - How to prevent executing .php files in sites/default/files directory for nginx+php7.0-fpm?

This is what works for nginx and only targets files directory:

location ~ /files/.*\.php$ {
    return 403;
}

This is more generic and wont let any php file in a directory execute directly:

location ~ /.*/.*\.php$ {
    return 403;
}

WARNING, this is posted all over the web but only works for hidden directories:

location ~ \..*/.*\.php$ {
    return 403;
}

Tags:

.Htaccess

7

Related

Drupal - Change site logo for specific content type and page Drupal - Prevent directory permissions of sites/default from being protected in a local environment? Drupal - How to move the comment form to the top? Drupal - Debug arrays from hook_cron? Drupal - How to filter a View by Date Range (start, end)? Drupal - Manually invoking Ajax Commands when an ajax callback is not an #ajax form callback Drupal - How to enable endpoint without RESTUI module? Drupal - How do I add a specific meta-tag to all the pages of a site? Drupal - How can I add Taxonomy Term to a Node's Breadcrumb? Drupal - $form_state->setValue() doesn't save value Drupal - Attempt to create a field body that does not exist on entity type node Drupal - Change a normal submit 'input' type to 'button' type with button tag

Recent Posts