server-configs-nginx/h5bp/location/protect-system-files.conf

# Prevent clients from accessing hidden files (starting with a dot)
# This is particularly important if you store .htpasswd files in the site hierarchy
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known\/) {
    deny all;
}

# Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
    deny all;
}
split the default server config Make it possible to pick and mix server rules. 2012-07-22 23:31:54 +02:00			`# Prevent clients from accessing hidden files (starting with a dot)`
protect-system-files.conf: clarify why people should be using it 2013-02-24 22:16:13 +01:00			`# This is particularly important if you store .htpasswd files in the site hierarchy`
Updated locations to match h5bp's Apache config See https://github.com/h5bp/server-configs-apache/issues/31 for `well-known` change. 2015-06-08 14:56:19 +02:00			# Access to `/.well-known/` is allowed.
			`# https://www.mnot.net/blog/2010/04/07/well-known`
			`# https://tools.ietf.org/html/rfc5785`
			`location ~* /\.(?!well-known\/) {`
protect-system-files.conf: use "deny all" for clearer intent when blocking access 2013-02-24 21:41:51 +01:00			`deny all;`
split the default server config Make it possible to pick and mix server rules. 2012-07-22 23:31:54 +02:00			`}`

			`# Prevent clients from accessing to backup/config/source files`
Updated locations to match h5bp's Apache config See https://github.com/h5bp/server-configs-apache/issues/31 for `well-known` change. 2015-06-08 14:56:19 +02:00			`location ~* (?:\.(?:bak\|conf\|dist\|fla\|in[ci]\|log\|psd\|sh\|sql\|sw[op])\|~)$ {`
protect-system-files.conf: use "deny all" for clearer intent when blocking access 2013-02-24 21:41:51 +01:00			`deny all;`
split the default server config Make it possible to pick and mix server rules. 2012-07-22 23:31:54 +02:00			`}`