nginx rule to prevent access to sensitive files (#65)

* nginx rule to prevent access to sensitive files
* Add a suggested rule that does the same as the suggested rule in .htaccess
* Add .git and auth.json to nginx sensitive resources
pull/67/head
Clark Winkelmann 5 years ago committed by GitHub
parent 3aeffd15aa
commit 0ef4318913
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -3,6 +3,13 @@ location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Uncomment the following lines if you are not using a `public` directory
# to prevent sensitive resources from being exposed.
# location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor) {
# deny all;
# return 404;
# }
# The following directives are based on best practices from H5BP Nginx Server Configs
# https://github.com/h5bp/server-configs-nginx

Loading…
Cancel
Save