From f84d9db51c5694f967e5a7578ab1e870ea5a5c3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9D=93=99=F0=9D=93=BE=F0=9D=93=B5=F0=9D=93=B2?= =?UTF-8?q?=F0=9D=93=B8?= Date: Wed, 19 Jun 2024 03:45:20 +0100 Subject: [PATCH] Update nginx/sensitive.conf --- nginx/sensitive.conf | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/nginx/sensitive.conf b/nginx/sensitive.conf index ab9cdfd..f41802d 100644 --- a/nginx/sensitive.conf +++ b/nginx/sensitive.conf @@ -1,3 +1,50 @@ location ~* \.(sql|sql\.gz|sql\.tar|sql\.bzip2|sql\.bz2|sql\.zip|sql\.rar|sql\.7z|bash_history|bashrc|cache|config|cvs|cvsignore|env|env\.backup|env\.bak|env\.development|env\.local|env\.dist|env\.docker\.dev|env\.php|env\.prod|env\.production\.local|env\.sample\.php|env\.save|env\.stage|env\.test|environment|envrc|envs|env~|production\.js|test\.js|dev\.js|test-env\.json|env\.json|forward|jupyter_notebook_config\.json|git|history|hta|htaccess|htpasswd|lanproxy|listing|listings|msmtprc|mysql_history|passwd|pwd|perf|profile|rhosts|sh_history|ssh|subversion|svn|s3cfg|bak|exe|bat|dll|printer|pac|aws|awscfg|aws-key\.yml|config\.yml|secrets\.yml|secrets\.json|credentials|config\.json|deployment-config\.json|docker|cordova|vscode|wpeprivate|composer\.json|composer\.lock|debug\.log)$ { deny all; +} +location ~ /\. { + deny all; + log_not_found off; + access_log off; + return 404; +} +location ~ ~$ { + deny all; + log_not_found off; + access_log off; + return 404; +} +location ~ \.bak$ { + deny all; + log_not_found off; + access_log off; + return 404; +} +location ~ \.gz$ { + deny all; + log_not_found off; + access_log off; + return 404; +} +location ~ \.tar$ { + deny all; + log_not_found off; + access_log off; + return 404; +} +location ~ \.zip$ { + deny all; + log_not_found off; + access_log off; + return 404; +} +location ~ /dump.sql$ { + deny all; + log_not_found off; + access_log off; + return 404; +} + + +location ^~ /.well-known { + allow all; } \ No newline at end of file