I’ve tested this configuration, but since all php requests pass in (
location ~ .php$ ) and all requests are sent to /index.php with
try_files, this doesn’t work.
For example, all requests to /products are handle with /index.php with
try_files
A request to /products get the value from .php location (
fastcgi_cache_valid 200 10m; )
If I remove fastcgi_cache_valid from .php location, all requests I
get are MISS.
Why do you use an insecure config? It’s even referenced in the wiki:
I’m aware that is quite common to “recommend” this as de rigueur for
PHP but I fail to see why, It seems that is just easier to have a
catch all php than enumerate all scripts that are allowed.
Maxim suggestion doesn’t work for you because you have this regex
based location. I suggest you formulate your problem more clearly so
that the list can help you.
Start by trying an exact location for index.php
location = /index.php {
…
}
location = /products {
…
}
You have to “enable” PHP FCGI handling in each location.
That’s the way applications like wordpress and others works, in my
case it’s Invision Power Board.
With WP you can enumerate all PHP files and even if you don’t want to
do that you can constrain the execution by using something like this:
## Regular PHP processing.
location ~ ^(?<script>.+\.php)(?<path_info>.*)$ {
include fastcgi.conf;
## The fastcgi_params must be redefined from the ones
## given in fastcgi.conf. No longer standard names
## but arbitrary: named patterns in regex.
fastcgi_param SCRIPT_FILENAME $document_root$script;
fastcgi_param SCRIPT_NAME $script;
fastcgi_param PATH_INFO $path_info;
## Passing the request upstream to the FastCGI
## listener.
fastcgi_pass phpcgi;
}