nginx rewrite all to index.php except whitelist
I would use the $uri variable and if in a location
block to achieve this.
location / { if ( $uri !~ ^/(index\.php|css|images|core|uploads|js|robots\.txt|favicon\.ico) ) { rewrite ^ /server/index.php last; }}
Also, as for the pathinfo security problems, (discussion) it's a good practice to add
try_files $uri =403;fastcgi_split_path_info ^(.+.php)(.*)$;
to the location ~ \.php$
block.