Trying to view diffs for the hacked module (https://www.drupal.org/project/hacked) returns 404, the fix must come before the config sections that try to determine static content or information disclosure.
apps/drupal/drupal.conf
## The 'default' location.
location / {
...
+ ## Allow drupal to handle diffs for the hacked module
+ location ~* /admin/reports/hacked/.+/diff/ {
+ include apps/drupal/fastcgi_drupal.conf;
+ fastcgi_pass phpcgi;
+ }
...
## All static files will be served directly.
location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|svg)$ {
...
}
...
## Replicate the Apache <FilesMatch> directive of Drupal standard
## .htaccess. Disable access to any code files. Return a 404 to curtail
## information disclosure. Hide also the text files.
location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/\
Template)$ {
return 404;
}
...
}
Trying to view diffs for the hacked module (https://www.drupal.org/project/hacked) returns 404, the fix must come before the config sections that try to determine static content or information disclosure.
apps/drupal/drupal.conf