43 lines
1.7 KiB
Nginx Configuration File
43 lines
1.7 KiB
Nginx Configuration File
# ----------------------------------------------------------------------
|
|
# | File access |
|
|
# ----------------------------------------------------------------------
|
|
|
|
# Block access to all hidden files and directories with the exception of
|
|
# the visible content from within the `/.well-known/` hidden directory.
|
|
#
|
|
# These types of files usually contain user preferences or the preserved
|
|
# state of an utility, and can include rather private places like, for
|
|
# example, the `.git` or `.svn` directories.
|
|
#
|
|
# The `/.well-known/` directory represents the standard (RFC 5785) path
|
|
# prefix for "well-known locations" (e.g.: `/.well-known/manifest.json`,
|
|
# `/.well-known/keybase.txt`), and therefore, access to its visible
|
|
# content should not be blocked.
|
|
#
|
|
# https://www.mnot.net/blog/2010/04/07/well-known
|
|
# https://tools.ietf.org/html/rfc5785
|
|
|
|
location ~* /\.(?!well-known\/) {
|
|
deny all;
|
|
}
|
|
|
|
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
# Block access to files that can expose sensitive information.
|
|
#
|
|
# By default, block access to backup and source files that may be
|
|
# left by some text editors and can pose a security risk when anyone
|
|
# has access to them.
|
|
#
|
|
# https://feross.org/cmsploit/
|
|
#
|
|
# (!) Update the `location` regular expression from below to
|
|
# include any files that might end up on your production server and
|
|
# can expose sensitive information about your website. These files may
|
|
# include: configuration files, files that contain metadata about the
|
|
# project (e.g.: project dependencies), build scripts, etc..
|
|
|
|
location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ {
|
|
deny all;
|
|
}
|