Reputation: 1909
I'm facing an issue with include files in my web app. They are all stored in an inc/ subdirectory. If I open the browser and point to www.mysite.com/inc/ I get a 404 Not Found, which is OK.
If I point to www.mysite.com/inc/connection.inc, a file that contains DB info, I can actually download it, which is absolutely not good!
I have this configuration in default website config:
    location ~ /(ajax|inc|prints|temp) {
        deny all;
        return 404;
    }
How can I avoid files being downloaded?
Upvotes: 0
Views: 6912
Reputation: 49752
The location block seems to match the URI and should deny access. Therefore, either it is in the wrong server block, it is overridden by some other location block, or you failed to restart nginx.
On a more general point. If connection.inc is not required by the client, then why risk placing it inside the document root?
Upvotes: 1
Reputation: 1909
Found the solution. It was as simple as
    location ~ \.inc {
        deny all;
    }
The problem is that there is ONLY 1 thread on Google about this issue.
Upvotes: 4
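
The answer's point that a deny rule can be overridden by some other location block, as an added example that is not part of the thread: a small Python model of nginx's documented location selection order (exact match, longest prefix, then regexes in file order). STATIC_RULE, ANCHORED_RULE and the sample paths are constructed for illustration; the model assumes an already-normalized URI path, uses Python's `re` in place of PCRE, and ignores nested locations.

```python
import re

def select_location(locations, uri):
    """Model nginx's choice of location for an already-normalized URI path.

    locations: (modifier, pattern) tuples in config-file order; modifier is
    "=", "^~", "" (plain prefix), "~" or "~*". Nested locations are not modelled.
    """
    # 1. An exact "=" match wins immediately.
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    # 2. Remember the longest matching prefix location.
    prefixes = [(m, p) for m, p in locations
                if m in ("", "^~") and uri.startswith(p)]
    best = max(prefixes, key=lambda loc: len(loc[1]), default=None)
    # A "^~" on that prefix skips the regex phase entirely.
    if best and best[0] == "^~":
        return best
    # 3. Regex locations are tried in file order; the first match wins.
    for mod, pat in locations:
        if mod in ("~", "~*"):
            if re.search(pat, uri, re.IGNORECASE if mod == "~*" else 0):
                return (mod, pat)
    # 4. No regex matched: fall back to the remembered prefix.
    return best

ROOT = ("", "/")
QUESTION_RULE = ("~", r"/(ajax|inc|prints|temp)")   # from the question
ANSWER_RULE = ("~", r"\.inc")                       # from the asker's fix
ANCHORED_RULE = ("~", r"\.inc$")                    # assumption: anchored variant
STATIC_RULE = ("~*", r"\.(css|js|inc)$")            # constructed shadowing block

URI = "/inc/connection.inc"
SHADOWED = [ROOT, STATIC_RULE, QUESTION_RULE]       # deny block listed second
REORDERED = [ROOT, QUESTION_RULE, STATIC_RULE]      # deny block listed first

if __name__ == "__main__":
    for name, conf in (("shadowed", SHADOWED), ("reordered", REORDERED)):
        print(name, "->", select_location(conf, URI))
    # The unanchored rule also catches a path that merely contains ".inc".
    for rule in (ANSWER_RULE, ANCHORED_RULE):
        print(rule, "->", select_location([ROOT, rule], "/docs/setup.include.html"))
```

In the shadowed ordering the request never reaches the deny block, and the unanchored `\.inc` pattern also denies a path that merely contains `.inc`, which the `$`-anchored variant leaves alone.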