feat: block dotfile requests across all sites

Adds a deny-dotfiles snippet that returns 403 for any URI matching /\.
(e.g. .gitconfig, .env, .git/) and includes it in every server block.
2026-03-18 11:31:02 -07:00
committed by Naomi Carrigan
parent 1d24a85e07
commit fc252e28e2
34 changed files with 108 additions and 0 deletions
@@ -24,6 +24,7 @@ server {
location /koikatsu {
try_files /koikatsu.html =404;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
@@ -42,6 +43,7 @@ server {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
@@ -68,6 +70,7 @@ server {
location /koikatsu {
try_files /koikatsu.html =404;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
@@ -86,6 +89,7 @@ server {
add_header Content-Type text/plain;
return 200 "google.com, pub-3569924701890974, DIRECT, f08c47fec0942fa0";
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
@@ -105,6 +109,7 @@ server {
index index.html;
try_files $uri $uri/ /index.html;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
@@ -126,6 +131,7 @@ server {
location /koikatsu {
try_files /koikatsu.html =404;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
server {
@@ -147,6 +153,7 @@ server {
location /koikatsu {
try_files /koikatsu.html =404;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
# Wildcard catch-all — must remain last so specific subdomains take priority
@@ -160,4 +167,5 @@ server {
location / {
return 301 https://$subdomain.nhcarrigan.com$request_uri;
}
include /etc/nginx/snippets/deny-dotfiles.conf;
}
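Review bot: The include is appended as the last directive in every server block here (after `location /koikatsu`, after the ads.txt location, and after the catch-all `location /`). nginx tries regex locations in the order they appear, so if deny-dotfiles.conf is a `location ~ /\.` block as the description suggests, any regex location declared earlier in a block, or a `location =` / `location ^~` match, would win over it for a dotfile path. None is visible in these hunks, but the server blocks start outside them and the commit touches 34 files; putting `include /etc/nginx/snippets/deny-dotfiles.conf;` at the top of each server block, before any other `location ~`, keeps the deny independent of what is added later. The snippet itself is not shown in this section; if it matches every `/\.` path it will also return 403 for `/.well-known/` (ACME HTTP-01 challenges, security.txt), so an exemption such as `location ^~ /.well-known/ { }` is worth confirming for sites that rely on it. A per-site check in the config test that `/.env` and `/.git/config` return 403 would catch either regression.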