I am running Apache 2.2 with FastCGI and php-fpm. I am trying to duplicate the following logic:
<FilesMatch "^(admin|api|app)?(_dev)?$">
#ForceType application/x-httpd-php
SetHandler php-fcgi
</FilesMatch>
Which allows me to symlink admin.php as admin, so I can remove the .php extension. It seems the only way to do this with php-fpm is to set the security.limit_extension
of the www.conf
file to empty, however, as the comments indicate, this is a pretty big security hole, in that php code can now be executed from within any file, regardless of extension.
What would be the preferred way to accomplish the above, but still maintain some semblance of security?