From cb4485d583146ea36d32d5cd4afdcbc35cf9b03a Mon Sep 17 00:00:00 2001
From: David Cook <david@redcliffs.net>
Date: Tue, 12 Nov 2024 17:30:04 +1100
Subject: [PATCH] Block requests for .php

---
 inventory/group_vars/all.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index b3c0a93f2..022197894 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -353,6 +353,12 @@ nginx_sites:
       brotli_types text/css text/javascript text/plain application/javascript application/x-javascript application/json;
 
       try_files $uri/index.html $uri @rails;
+
+      # Block scanning for scripts efficiently.
+      location ~ \.php(\?.*)?$ {
+        return 404;
+      }
+
       location @rails {
         {{ nginx_valid_methods }}