For security purpose, I am attempting to hide almost all the fingerprint info of my web application. The most important thing is to hide PHP from any visitors. So I try to modify my Nginx's configuration file. The configuration will show as follows.
location / {
root /data/site/public;
index index.html index.htm index.php;
try_files $uri /index.php;
location /index.php {
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi.conf;
}
}
By this way, I successfully hide index.php from URL. However, Hackers could also directly access my website by using some URL such as http://example.com/index.php, which shows that my website is written by PHP. Sometimes it maybe dangerous.
So, I modify the Nginx's config second time, longing for 404 when access index.php directly, and it looks like
location / {
root /data/site/public;
if ( $request_uri ~ /index\.php ) {
return 404;
}
index index.html index.htm index.php;
try_files $uri /index.php;
location /index.php {
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi.conf;
}
}
However..., it seems that Nginx acts nothing different from the previous one.
Could anyone tell me the reason ? or any other solutions...
