# ----------------------------------------------------------------------
# | File access                                                        |
# ----------------------------------------------------------------------

# Block access to all hidden files and directories except for the
# visible content from within the `/.well-known/` hidden directory.
#
# These types of files usually contain user preferences or the preserved state
# of a utility, and can include rather private locations such as the `.git`
# or `.svn` directories.
#
# The `/.well-known/` directory represents the standard (RFC 5785) path prefix
# for "well-known locations" (e.g.: `/.well-known/manifest.json`,
# `/.well-known/keybase.txt`), and therefore, access to its visible content
# should not be blocked.
#
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785

# Deny every request whose URI contains a path segment that starts with a
# dot, unless the dot is immediately followed by `well-known/` (negative
# lookahead). `~*` makes the match case-insensitive.
#
# NOTE(review): nginx uses the first regex location that matches, in file
# order, and a `^~` prefix location or an exact (`=`) match skips regex
# locations altogether. This rule therefore protects only the paths that
# no such earlier or higher-priority block has already claimed.
# NOTE(review): the pattern is not anchored to the start of the URI, so a
# nested `/dir/.well-known/` path is exempted as well. Confirm that this
# is intended for the site.
location ~* /\.(?!well-known\/) {
    deny all;
}

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Block access to files that can expose sensitive information.
#
# By default, block access to backup and source files that may be left by some
# text editors and can pose a security risk when anyone has access to them.
#
# https://feross.org/cmsploit/
#
# (!) Update the `location` regular expression below to include any files
# that might end up on your production server and can expose sensitive
# information about your website. These files may include: configuration
# files, files that contain metadata about the project (e.g.: project
# dependencies, build scripts, etc.).

# Deny any request whose URI ends in an editor backup/swap or source-style
# suffix: a `#...#` autosave name, a trailing `~`, or one of the listed
# extensions (`in[ci]` covers `.inc` and `.ini`, `sw[op]` covers `.swo` and
# `.swp`). The match is case-insensitive and anchored at the end of the URI.
#
# NOTE(review): this is a deny-list. A sensitive file with a suffix not
# listed here (for example an archive or a dump saved under another
# extension) is still served, so review what actually reaches the document
# root and extend the list to match.
# NOTE(review): nginx uses the first regex location that matches, in file
# order, and a `^~` prefix location skips regex locations altogether. Keep
# this block ahead of broader regex locations and check that no `^~` block
# covers a directory holding such files.
location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ {
    deny all;
}