diff --git a/conf/nginx.conf b/conf/nginx.conf
index 32af934..698d1a8 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -6,6 +6,8 @@ location __PATH__/ {
 index index.html;
+ # allowed subnets
+ deny all;
 location ~ \.php {
 fastcgi_split_path_info ^(.+\.php)(.*)$;
diff --git a/scripts/install b/scripts/install
index ac817a3..1485283 100644
--- a/scripts/install
+++ b/scripts/install
@@ -39,9 +39,32 @@ chmod 600 "/etc/sudoers.d/$app"
 # WEBSERVER CONFIGURATION
 #=================================================
 ynh_script_progression --message="Adding php-fpm configuration …" --weight=1
+
+# find default php version
+php_executable=$(readlink -f "$(which php)")
+echo "${php_executable:(-3)}"
+ynh_app_setting_set --app=$app --key="phpversion" --value="${php_executable:(-3)}"
 ynh_add_fpm_config
+
 ynh_script_progression --message="Adding nginx configuration …" --weight=1
+# get local subnet address ranges from routing table
+ranges=$(netstat -nr | grep -o "^\(192\.168\|172.\(1[6-9]\|2[0-9]\|3[01]\)\|10\.[0-9]\+\)\.[0-9]\+\.[0-9]\+")
+# add allow statement to nginx config for each subnet range in CIDR notation
+for range in $ranges; do
+ case $(echo "$range" | awk -F '.' '{print $1}') in
+ 192)
+ cidr=24
+ ;;
+ 172)
+ cidr=12
+ ;;
+ 10)
+ cidr=8
+ ;;
+ esac
+ sed -i "/# allowed subnets/a allow ${range}/${cidr}; # added by install script" nginx.conf;
+done
 ynh_add_nginx_config
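Review bot: The `deny all;` added to the `location __PATH__/` block in conf/nginx.conf is unconditional, and the only `allow` entries come from the install-time `sed` that keys on the `# allowed subnets` line, so that comment is a functional anchor rather than plain documentation. If the install script finds no private IPv4 routes, or its `sed` never reaches this file, the location answers 403 to every client, and IPv6 clients are denied in every case because only IPv4 ranges are collected. I would say so in the template, for example `# allowed subnets: scripts/install inserts "allow <cidr>;" lines below this marker; keep "deny all;" last, nginx applies the first matching rule`. The location block opens and continues outside this hunk.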
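Review bot: The prefix length chosen in the `case` in scripts/install comes from the first octet rather than from the route's own netmask, so a host attached to a small subnet inside 10.0.0.0/8 gets an `allow <range>/8;` line (and /12 for any 172.x route), which admits the whole private block instead of the local network. Reading destination and prefix together keeps the allowlist to the attached networks, e.g. `ranges=$(ip -4 route show scope link | awk '{print $1}')` followed by the existing private-range filter, with `${range}` then written as-is. Separately, `sed -i … nginx.conf` uses a bare relative path; unless the working directory is the one holding the template (not visible in this hunk), no `allow` line is written and `deny all;` stands alone, so an explicit path to the template and a check of sed's exit status would help. The `172.` in the grep pattern also carries an unescaped dot.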