For Nginx in PROD env, this makes more difficult to know that app is running Symfony.

app.php is widely known as our default front controller.
It is a small effort by security through obscurity.
For Apache, this 301 must be replaced by 404:
https://github.com/symfony/symfony-standard/blob/77ee2a83c085169e0bd221510b5693dca504f682/web/.htaccess#L37

| Q             | A
| ------------- | ---
| Doc fix?      | no
| New feature?  | no
| Applies to    | 2.0+
| Tests pass?   | yes
| Fixed tickets |

Author: phansys

cookbook/configuration/web_server_configuration.rst

@@ -202,6 +202,13 @@ are:
         server_name domain.tld www.domain.tld;
         root /var/www/project/web;
 
+        if ($request_uri ~ "/app\.php(/|$)") {
+            # prevent explicit access and hide front controller
+            # remove this block if you want to allow uri's like
+            # http://domain.tld/app.php/some-path
+            return 404;
+        }
+
         location / {
             # try to serve file directly, fallback to app.php
             try_files $uri /app.php$is_args$args;