GeneralConfig/nginx/extra/restrictions.conf

40 lines
1.0 KiB
Plaintext
Raw Permalink Normal View History

2020-06-17 13:31:05 -03:00
# Global restrictions configuration file
# Designed to be included in any server {} block
## Disable TRACE, DELETE, PUT, OPTIONS modes
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 405;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}