@@ -49,6 +49,18 @@ server {
4949 # X-Frame-Options to prevent clickjacking
5050 add_header X-Frame-Options SAMEORIGIN;
5151
52+ # Error pages
53+ error_page 403 = @error403;
54+ error_page 404 = @error404;
55+
56+ location @error403 {
57+ rewrite ^ /index.php?action=403 last;
58+ }
59+
60+ location @error404 {
61+ rewrite ^ /index.php?action=404 last;
62+ }
63+
5264 location / {
5365 index index.php;
5466 try_files $uri $uri/ @rewriteapp;
@@ -126,8 +138,8 @@ server {
126138 rewrite ^/setup/?$ /setup/index.php last;
127139 rewrite ^/update/?$ /update/index.php last;
128140
129- # Fallback to front controller
130- rewrite ^ /index.php last ;
141+ # Fallback: return 404 if no rewrite rule matched
142+ return 404 ;
131143 }
132144
133145 location /admin/assets {
@@ -212,6 +224,18 @@ server {
212224 # X-Frame-Options to prevent clickjacking
213225 add_header X-Frame-Options SAMEORIGIN;
214226
227+ # Error pages
228+ error_page 403 = @error403;
229+ error_page 404 = @error404;
230+
231+ location @error403 {
232+ rewrite ^ /index.php?action=403 last;
233+ }
234+
235+ location @error404 {
236+ rewrite ^ /index.php?action=404 last;
237+ }
238+
215239 location / {
216240 index index.php;
217241 try_files $uri $uri/ @rewriteapp;
@@ -286,8 +310,8 @@ server {
286310 rewrite ^/setup/ /setup/index.php last;
287311 rewrite ^/update/ /update/index.php last;
288312
289- # Fallback to front controller
290- rewrite ^ /index.php last ;
313+ # Fallback: return 404 if no rewrite rule matched
314+ return 404 ;
291315 }
292316
293317 location /admin/assets {
0 commit comments