First of all, excuse my English. I hope you can understand what I want to ask.
For a long time I have used this NginX config as a template for mine own, but I am very unsatisfied with it's security concerning PHP files. I mean, there are only some PHP files which a really needed for Drupal to work: index.php, update.php and cron.php (install.php used only once and I don't use any features of xmlrpc.php). So I want to rewrite my NginX config to grant access only for enlisted PHP files.
But I have some doubts about such approach. Also I suspect there are may be more PHP files in the core or modules that must be accessible from browser. Can you point me on such examples?
