From 87066953d3cfe412fcaacd495ec079363184ed30 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Wed, 6 Sep 2023 00:05:54 +1000
Subject: [PATCH] Disable access to php scripts in /storage

---
 config/nginx/in-vhost.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config/nginx/in-vhost.conf b/config/nginx/in-vhost.conf
index e8b9a0a3..cf262f72 100644
--- a/config/nginx/in-vhost.conf
+++ b/config/nginx/in-vhost.conf
@@ -16,6 +16,11 @@ server {
     location = /favicon.ico { access_log off; log_not_found off; }
     location = /robots.txt  { access_log off; log_not_found off; }
 
+
+    location ~* /storage/.*\.php$ {
+        return 503;
+    }
+
     location ~ \.php$ {
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_pass app:9000;