Hi-
I suspect this is a simple (read: stupid) question, but is there a
PHP-FPM equivalent to the mod_php directive for restricting PHP execution,
i.e.:

<Directory ${WWWDOCROOT}>
...
php_admin_flag engine off

...
</Directory>

I realize I can block access to files with a .php suffix so it never reaches FPM, but is there a closer equivalent? Thanks!

-- dNb

IMHO you should not do that on backend.
You should do that in nginx's conf or what else you use for frontend.

2013/1/16 David Blank-Edelman <dnblankedelman@gmail.com>

> Hi-
> I suspect this is a simple (read: stupid) question, but is there a
> PHP-FPM equivalent to the mod_php directive for restricting PHP execution,
> i.e.:
>
> <Directory ${WWWDOCROOT}>
> ...
> php_admin_flag engine off
>
> ...
> </Directory>
>
> I realize I can block access to files with a .php suffix so it never reaches FPM, but is there a closer equivalent? Thanks!
>
> -- dNb
>
>
>

On 15 Jan 2013 20h39 CET, dnblankedelman@gmail.com wrote:

> Hi- I suspect this is a simple (read: stupid) question, but is there
> a PHP-FPM equivalent to the mod_php directive for restricting PHP
> execution, i.e.:
>
> <Directory ${WWWDOCROOT}>
> ...
> php_admin_flag engine off
>
> ...
> </Directory>
>
> I realize I can block access to files with a .php suffix so it never
> reaches FPM, but is there a closer equivalent? Thanks!

As Anatoly already said: the problem should be posed differently. That
is, you should enumerate your PHP scripts or find a way to constrain
execution to specific patterns, so that *those and only those* files
are sent to FCGI. Then as a final measure just add a regex based
location like this:

location ~* \.php$ {
return 404;
}

--- appa