generated from nhcarrigan/template
feat: block dotfile requests across all sites
Adds a deny-dotfiles snippet that returns 403 for any URI matching /\. (e.g. .gitconfig, .env, .git/) and includes it in every server block.
This commit is contained in:
@@ -24,6 +24,7 @@ server {
|
||||
location /koikatsu {
|
||||
try_files /koikatsu.html =404;
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
@@ -42,6 +43,7 @@ server {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
@@ -68,6 +70,7 @@ server {
|
||||
location /koikatsu {
|
||||
try_files /koikatsu.html =404;
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
@@ -86,6 +89,7 @@ server {
|
||||
add_header Content-Type text/plain;
|
||||
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
@@ -105,6 +109,7 @@ server {
|
||||
index index.html;
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
@@ -126,6 +131,7 @@ server {
|
||||
location /koikatsu {
|
||||
try_files /koikatsu.html =404;
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
@@ -147,6 +153,7 @@ server {
|
||||
location /koikatsu {
|
||||
try_files /koikatsu.html =404;
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
# Wildcard catch-all — must remain last so specific subdomains take priority
|
||||
@@ -160,4 +167,5 @@ server {
|
||||
location / {
|
||||
return 301 https://$subdomain.nhcarrigan.com$request_uri;
|
||||
}
|
||||
include /etc/nginx/snippets/deny-dotfiles.conf;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user