Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Svyatoslav Nemato2017-10-27 15:25:55
Nginx
Svyatoslav Nemato, 2017-10-27 15:25:55

How to prevent downloading files from certain directories?

The Nginx + Apache
Nginx bundle serves as a proxy for serving files.
It is necessary to prohibit downloading any files from 2 directories /var/www/files/texture and /var/www/files/score
Help with regular expression for Nginx
config My nginx config.

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate      /etc/letsencrypt/live/site.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/site.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam   /etc/letsencrypt/live/site.com/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EC89E-ECDSA-CHA';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate  /etc/letsencrypt/live/site.com/fullchain.pem;

    resolver 8.8.8.8;

    server_name site.com;
    root /var/www/html/;
    index index.php index.html;

    location ~* ^(?!/3rwer2r3qr/).+\.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|$
         access_log off;
         expires 30d;
    }

    # запрет на доступ к .htaccess
    location ~ /\.ht {
       deny all;
    }
    location ~* (files/texture|files/score)/.+\.*${
        deny all;
    }

    # передача запроса апачу
    location / {
        proxy_pass http://127.0.0.1:81/; # Порт на котором висит Apache
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $remote_addr;
        proxy_set_header Host $host;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_redirect off;
        proxy_set_header Connection close;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
    }
}

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Svyatoslav Nemato, 2017-11-17
@makklovskiy

location ^~ /files/score/ {
deny all;
return 404;
}

Report
V
Vladimir Mukovoz, 2017-10-27
@castomi

In your settings, you don’t even have access to these directories), so be calm and nothing will be downloaded this way)

Similar questions
A
Abc Edc2015-04-07 20:48:01
How to make image stretching with scaling? 3Reply
I
Ingerniated2017-05-30 20:25:42
Will Soviet speakers fit a foreign amplifier? 3Reply
D
Denis99992021-05-04 20:24:20
How to display a mini-cart in wookomers after adding a product via ajax? 2Reply
M
mr_drinkens892015-02-13 09:31:35
How to redirect to a subdomain of the django nginx main page? 1Reply
M
miki1312015-02-14 21:15:16
How to set up PHP-FPM? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question