Add Nginx rules to security documentation, in order to prevent execution of PHP files from the uploadable-files directories

Author: ywarnier

documentation/security.html

@@ -105,8 +105,7 @@ <h2><a name="5.Files-permissions"></a>5. Restricting files permissions</h2>
         account we authorize overrides through .htaccess, we need to set
         something that a .htaccess file cannot revert, and we need to set it
         for each of those directories. This can be done as follows inside
-        your VirtualHost definition in Apache (you'll have to translate it for
-        Nginx configurations), where "/var/www/URL/" is the path of your VirtualHost web root:<br />
+        your VirtualHost definition in Apache, where "/var/www/URL/" is the path of your VirtualHost web root:<br />
         <pre>
   &lt;Directory /var/www/URL/app/cache&gt;
     php_admin_value engine Off
@@ -133,6 +132,25 @@ <h2><a name="5.Files-permissions"></a>5. Restricting files permissions</h2>
     php_admin_value engine Off
   &lt;/Directory&gt;
         </pre>
+
+        For Nginx, this would look like the following rules. However, do
+        remember that Nginx interprets rules in order of appearance, so these
+        rules would have to be at the top of your location rules to take the
+        highest priority:
+        <pre>
+  location ~ ^/app/(cache|courses|home|logs|upload)/.*\.(php|php4|php5)$ {
+    deny all;
+  }
+  location ~ ^/main/default_course_document/images/.*\.php$ {
+    deny all;
+  }
+  location ~ ^/main/lang/.*\.php$ {
+    deny all;
+  }
+  location ~ ^/web/css/.*\.php$ {
+    deny all;
+  }
+        </pre>
     <br />
 <hr />
 <h2><a name="6.HSTS">HTTP Headers Security</a></h2>