:8080 gzip fastcgi / 127.0.0.1:9000 php # Begin - Security # deny all direct access for these folders rewrite { r /(.git|cache|bin|logs|backups|tests)/.*$ to /403 } # deny running scripts inside core system folders rewrite { r /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ to /403 } # deny running scripts inside user folder rewrite { r /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ to /403 } # deny access to specific files in the root folder rewrite { r /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) to /403 } status 403 /403 ## End - Security # global rewrite should come last. rewrite { to {path} {path}/ /index.php?_url={uri}&{query} }