
Nginx Security - protect htaccess, dot and dollar sign files

Protect Those Important Files!

I create a file inside /etc/nginx/ called drop.conf and I include it in every site I add.

include drop.conf;

All these parts below are put into the file: /etc/nginx/drop.conf

# log access to drop file in /etc/nginx/ but don't log 404
location = /robots.txt {
        access_log drop;
        log_not_found off;
}

# log access to drop file in /etc/nginx/ but don't log 404
location = /favicon.ico {
        access_log drop;
        log_not_found off;
}

# log access to denied file in /etc/nginx/ but don't log 404 and also deny all to dot files
location ~ /\. {
        access_log denied;
        log_not_found off;
        deny all;
}

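# log access to denied file in /etc/nginx/ but don't log 404 and also deny all to files ending in a tilde (editor backups such as config.php~)
# note: the $ in this regex is the end-of-string anchor, not a literal dollar sign, so a name like $temp.config.php is not matched by this rule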
location ~ ~$ {
        access_log denied;
        log_not_found off;
        deny all;
}

# allow (but not log) Let's Encrypt etc (^~ will override above settings)
location ^~ /.well-known/ {
        log_not_found off;
}
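
To check which requests these rules actually catch, the following added example (Python, not part of the original post) models nginx's location selection order over the five locations above. It assumes matching on the decoded request path only; the `/\$` rule in `WITH_DOLLAR_RULE` is a hypothetical addition, not something in drop.conf.

```python
import re

# Locations from the page's drop.conf, in file order: (modifier, pattern, action).
DROP_CONF = [
    ("=",  "/robots.txt",   "allow"),
    ("=",  "/favicon.ico",  "allow"),
    ("~",  r"/\.",          "deny"),
    ("~",  r"~$",           "deny"),
    ("^~", "/.well-known/", "allow"),
]

# Hypothetical extra rule (assumption, not in drop.conf): names starting with "$".
WITH_DOLLAR_RULE = DROP_CONF + [("~", r"/\$", "deny")]


def select_location(uri, locations=DROP_CONF):
    """Return the location nginx would pick for a request path, or None
    when the request falls through to the site's own locations."""
    # 1. An exact (=) match wins immediately.
    for loc in locations:
        if loc[0] == "=" and uri == loc[1]:
            return loc
    # 2. Longest matching prefix; a ^~ prefix suppresses the regex pass.
    prefixes = [l for l in locations
                if l[0] in ("", "^~") and uri.startswith(l[1])]
    best = max(prefixes, key=lambda l: len(l[1]), default=None)
    if best and best[0] == "^~":
        return best
    # 3. Regex locations in file order; the first match wins.
    for loc in locations:
        if loc[0] == "~" and re.search(loc[1], uri):
            return loc
    # 4. Otherwise the longest plain prefix, if any.
    return best


def action(uri, locations=DROP_CONF):
    loc = select_location(uri, locations)
    return loc[2] if loc else "site"


if __name__ == "__main__":
    # Constructed sample request paths.
    for uri in ["/.htaccess", "/.git/config", "/wp-config.php~",
                "/.well-known/acme-challenge/token",
                "/$temp.config.php", "/index.php"]:
        print(f"{uri:36} drop.conf={action(uri):6} "
              f"extra-rule={action(uri, WITH_DOLLAR_RULE)}")
```
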

About the Author

Ben Sampson

Vegan • PHP Developer • PC Gamer • Love to code • Debian / macOS user
