Static ignore PHP files

cworrell

I think it would be neat to have an option or something for an Nginx static app to prevent access to PHP files. That way you could setup a simple cookie-less domain to serve static assets on by simply using a symlink to static app that points to a PHP apps document root.

I know this can be done for WordPress uploads folder, but then assets from plugins and core aren't able to benefit. And if you do a symlink to document root, PHP files are openly exposed and readable.

Thanks!

sean

cworrell Our PHP-FPM+Nginx app is pretty much that. Nginx hands the PHP requests off to FPM and serves all of the static stuff itself.

The docs about serving uploads via a symlink were written before we had the PHP-FPM+Nginx app but they're still applicable to our default WP install and other PHP+Apache apps.

cworrell

sean That is good, but then if you had say cdn.domain.com routed to that PHP-FPM+Nginx app, I wouldn't want PHP files to be served because the PHP site should only be served at www.domain.com. And our sites use .htaccess for redirects and rewriting, along with cache control and other things, so we would lose that with the PHP-FPM+Nginx.

sean

cworrell Ah I see what you're getting at, will log a feature request.