mpen

Reputation: 283263

How to disallow access to all dot directories except .well-known?

I've got this in my nginx config:

location ~ /\. {
    deny all;
}

location /.well-known/ {
    allow all;
}

But I still can't access http://example.com/.well-known/acme-challenge/taUUGC822PcdnCnW_aADOzObZqFm3NNM5PEzLNFJXRU. How do I allow access to just that one dot directory?

Upvotes: 30

Views: 18416

Answers (2)

TrOnNe

Reputation: 1772

I would go with optimised code:

location ~ /\.(?!well-known).* {
    deny all;
}

So that all dots are denied except the .well-known folder.

Upvotes: 17

Richard Smith

Reputation: 49802

You have a regex location and a prefix location. The regex location takes precedence unless ^~ is used with the prefix location. Try:

location ~ /\. {
    deny all;
}
location ^~ /.well-known/ {
#   allow all;
}

See this document for details.

Upvotes: 39
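
The location selection order discussed in the answers above, modelled in Python as an added example (not code from the original posts or from nginx itself). The `select` function, the sample request paths and the `allow` default for unmatched requests are assumptions for illustration; nested locations and URI normalisation are not modelled.

```python
import re

# Constructed models of the three configs on this page: (modifier, pattern, action).
# Modifier "" is a plain prefix, "^~" a prefix that suppresses regexes, "~" a regex.
QUESTION = [("~", r"/\.", "deny"), ("", "/.well-known/", "allow")]
CARET_TILDE = [("~", r"/\.", "deny"), ("^~", "/.well-known/", "allow")]
LOOKAHEAD = [("~", r"/\.(?!well-known).*", "deny")]

def select(locations, uri, default="allow"):
    """Return the action of the location nginx would choose for uri.

    default stands for "no location matched" (assumption: served normally).
    """
    best = None  # longest matching prefix location seen so far
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action  # an exact match ends the search immediately
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    if best and best[0] == "^~":
        return best[2]  # longest prefix carries ^~: regexes are not checked
    for mod, pat, action in locations:
        if mod == "~" and re.search(pat, uri):
            return action  # first matching regex in config order wins
    return best[2] if best else default

# Constructed request paths, including edge cases around .well-known.
URIS = [
    "/.well-known/acme-challenge/token",
    "/.git/config",
    "/app/.env",
    "/.well-known/.git/config",
    "/.well-known-old/key",
]

def report():
    """Map each URI to its (QUESTION, CARET_TILDE, LOOKAHEAD) outcomes."""
    configs = (QUESTION, CARET_TILDE, LOOKAHEAD)
    return {uri: tuple(select(c, uri) for c in configs) for uri in URIS}

if __name__ == "__main__":
    for uri, outcome in report().items():
        print(f"{uri:36} {outcome}")
```

The last two paths are where the two answers differ: with `^~`, everything under `/.well-known/` skips the dot rule, while the lookahead regex leaves any path undenied when all of its dot segments start with `.well-known`.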
