grav.whitestrake.net { root /srv/grav fastcgi / php-fpm:9000 php

1. grav.whitestrake.net {
2. root /srv/grav
3. fastcgi / php-fpm:9000 php
4.  
5. status 403 /forbidden
6.  
7. # Begin - Security
8. # deny all direct access for these folders
9. rewrite {
10. if {path} match /(.git|cache|bin|logs|backups|tests)/.*$
11. to /forbidden
12. }
13. # deny running scripts inside core system folders
14. rewrite {
15. if {path} match /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$
16. to /forbidden
17. }
18. # deny running scripts inside user folder
19. rewrite {
20. if {path} match /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$
21. to /forbidden
22. }
23. # deny access to specific files in the root folder
24. rewrite {
25. if {path} match /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess)
26. to /forbidden
27. }
28. ## End - Security
29.  
30. # global rewrite should come last.
31. rewrite / {
32. to {path} {path}/ /index.php?_url={uri}
33. }
34. }