I want to block some sensitive files, especially all *.log files wherever they occur.
So, I copied and pasted the following example, right into the very first rule.
location ~* \.(pl|cgi|py|sh|lua|log|md5)\$ {
    return 444;
}
Restarted nginx - could still get to file.
Found various other examples, some on the nginx wiki, some on StackOverflow - I modified all the examples to include "log", so for example, I end the pattern with ) or )$ or )\$ and start the pattern with ~* \.( or ~* ^.+\.( for example.
location ~* \.(pl|cgi|py|sh|lua|log|md5)\$ {
    return 444;
}
location ~* \.(pl|cgi|py|sh|lua)\$ {
    return 444;
}
location ~* \.(gif|jpg|png)$ {
    return 444;
}
location ~ (\.php$|myadmin) {
    return 403;
}
location ~* ^.+\.(jpg|txt)$ {
    return 444;
}
I think I've tried every combination, restarted everything including the damn server, flushed my cache, tried in an incognito window and a whole new browser, double-checked that nothing like Cloudflare is caching the file, and still I can get to the file.
I'm starting to doubt both my own eyes and sanity! Can someone please let me know why I can still get "install.log" with those patterns?
Thanks!
PS - rest of file:
location / {
    try_files $uri $uri/ =404;
    index index.html index.htm index.php;
}
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/fpm.sock;
    fastcgi_index index.php;
    fastcgi_ignore_client_abort on;
}
}
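
An added example, not part of the original post: a simplified Python model of nginx location selection (first matching regex in file order, otherwise the longest matching prefix) run over the locations quoted above. It assumes nginx hands `\$` to the regex engine unchanged, where it matches a literal dollar sign instead of anchoring the end of the URI; `select_location`, `POSTED` and `FIXED` are names made up for this sketch.

```python
import re

# Locations in the order the post lists them: (modifier, pattern, action).
# "~*" is a case-insensitive regex, "~" a case-sensitive regex, "" a prefix.
POSTED = [
    ("~*", r"\.(pl|cgi|py|sh|lua|log|md5)\$", "return 444"),
    ("~*", r"\.(pl|cgi|py|sh|lua)\$", "return 444"),
    ("~*", r"\.(gif|jpg|png)$", "return 444"),
    ("~", r"(\.php$|myadmin)", "return 403"),
    ("~*", r"^.+\.(jpg|txt)$", "return 444"),
    ("", "/", "try_files"),
    ("~", r"\.php$", "fastcgi_pass"),
]

# Same list with the backslash before "$" removed from the first rule,
# so "$" anchors the end of the URI.
FIXED = [("~*", r"\.(pl|cgi|py|sh|lua|log|md5)$", "return 444")] + POSTED[1:]


def select_location(uri, locations):
    """Return (pattern, action) for the location that would handle uri.

    Simplified model: only regex and plain prefix locations, matched
    against the URI path without its query string.
    """
    for mod, pattern, action in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pattern, uri, flags):
                return pattern, action
    prefixes = [(p, a) for m, p, a in locations if m == "" and uri.startswith(p)]
    return max(prefixes, key=lambda pa: len(pa[0]), default=(None, "404"))


if __name__ == "__main__":
    # Constructed sample URIs.
    for uri in ("/install.log", "/logs/App.LOG", "/install.log$", "/index.php"):
        print(f"{uri:15} posted: {select_location(uri, POSTED)[1]:12}"
              f" fixed: {select_location(uri, FIXED)[1]}")
```

In this model `/install.log` falls through every posted regex to `location /`, while `/index.php` is caught by the `(\.php$|myadmin)` rule before it reaches the FastCGI location further down.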