From d7aa43750cad996d8ed4e76144dbaeb5581972ed Mon Sep 17 00:00:00 2001
From: Victor Grigoriev
Date: Thu, 19 Jun 2014 02:03:26 +0400
Subject: [PATCH 1/3] Update drupal.conf this location filters out correct request like /user/autocomplete/a.sh compare these urls http://drupalspb.org:8080/user/autocomplete/a.sh http://drupal.org/user/autocomplete/a.sh btw. another case is /user/autocomplete/a.php
---
 apps/drupal/drupal.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apps/drupal/drupal.conf b/apps/drupal/drupal.conf
index 0679bf48..ceb7b566 100644
--- a/apps/drupal/drupal.conf
+++ b/apps/drupal/drupal.conf
@@ -212,7 +212,10 @@ location / {
 ## .htaccess. Disable access to any code files. Return a 404 to curtail
 ## information disclosure. Hide also the text files.
 location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|test|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
- return 404;
+ if (-e $request_filename) {
+ return 404;
+ }
+ try_files $uri @drupal;
 }
 
 ## First we try the URI and relay to the /index.php?q=$uri&$args if not found.
From 0fc313ebdd02f1450d89462c9df75f44db9b415a Mon Sep 17 00:00:00 2001
From: Victor Grigoriev
Date: Thu, 19 Jun 2014 14:49:24 +0400
Subject: [PATCH 2/3] redirect to @php through error_page
---
 apps/drupal/drupal.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/drupal/drupal.conf b/apps/drupal/drupal.conf
index ceb7b566..a19d776e 100644
--- a/apps/drupal/drupal.conf
+++ b/apps/drupal/drupal.conf
@@ -215,7 +215,8 @@ location / {
 if (-e $request_filename) {
 return 404;
 }
- try_files $uri @drupal;
+ error_page 418 = @php;
+ return 418;
 }
 
 ## First we try the URI and relay to the /index.php?q=$uri&$args if not found.
From 54da8c341d989e988f9c7b5f8499a2297d740230 Mon Sep 17 00:00:00 2001
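Review bot: The `-e $request_filename` test added inside the `location ~*` block makes the 404 depend on whether the blocked file exists on disk, so a path that exists gets nginx's own 404 while a missing one is answered by Drupal; if those two responses differ, as seems likely, the existence of `.inc`/`.module`/`.sql` files becomes observable, which works against the "curtail information disclosure" goal stated in the comment above. Requests for non-existent names matching the pattern, which used to be rejected statically, now also reach the Drupal handler, so it is worth checking that this path is rate limited. If the exception is only needed for routes like the `/user/autocomplete/` case named in the commit message, a narrower pass-through for those prefixes would keep the blanket 404 everywhere else. The comment should in any case record the new behaviour, e.g. `## Existing files get a 404; paths that do not exist on disk are handed to Drupal.`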
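Review bot: Declaring `error_page 418 = ...;` inside the `location ~*` block stops that location from inheriting any `error_page` directives set at `server` or `http` level, so a custom 404 page configured there (not visible in this hunk) would no longer apply to the `return 404` a few lines above. If such a page exists, it needs to be repeated in this location next to the 418 line. The 418 pair is also undocumented; I would add a comment such as `## 418 is only an internal jump to the named location and is not meant to reach clients.` so the status code is not mistaken for a real response.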
From: Victor Grigoriev
Date: Mon, 29 Jun 2015 14:35:01 +0300
Subject: [PATCH 3/3] Update drupal.conf fixed misprint
---
 apps/drupal/drupal.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/drupal/drupal.conf b/apps/drupal/drupal.conf
index a19d776e..a3571b0e 100644
--- a/apps/drupal/drupal.conf
+++ b/apps/drupal/drupal.conf
@@ -215,7 +215,7 @@ location / {
 if (-e $request_filename) {
 return 404;
 }
- error_page 418 = @php;
+ error_page 418 = @drupal;
 return 418;
 }