Level 75
That is the fastcgi section.
Feb 21, 2023
4
Level 1
Nginx deployment clarification - security
Regarding nginx deployment outlined in documentation (/docs/10.x/deployment#nginx), what is the particular benefit of this directive?
location ~ \.php$ {
Since Laravel only contains index.php in the public directory, is it safe to replace this directive with the following one?
location = /index.php {
The latter would only allow executing index.php as PHP code, this could increase security if, for example, an attacker would be able to drop any other PHP file in your public directory tree using any means.
What are your opinions on this? Thank you a lot in advance.
Level 1
No, it's main "server" configuration, from the docs, laravel.com/docs/10.x/deployment#nginx
Level 19
Try it and see.
Level 1
It works, I just want to know if there are some downsides to it. I think it might be better for security, but then I'm not sure why the official manual allows executing any PHP files in public directory besides index.php
Please or to participate in this conversation.