Запрет доступа к некоторым каталогам сайта в конфигурации nginx
Связка Nginx + Apache Nginx служит как прокси для выдачи файлов.
Нужно запретить скачивать любые файлы из 2-ух каталогов /var/www/files/texture и /var/www/files/score
Мой конфиг nginx.
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/live/site.com/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EC89E-ECDSA-CHA';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
resolver 8.8.8.8;
server_name site.com;
root /var/www/html/;
index index.php index.html;
location ~* ^(?!/3rwer2r3qr/).+\.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|$
access_log off;
expires 30d;
}
# запрет на доступ к .htaccess
location ~ /\.ht {
deny all;
}
location ~* (files/texture|files/score)/.+\.*${
deny all;
}
# передача запроса апачу
location / {
proxy_pass http://127.0.0.1:81/; # Порт на котором висит Apache
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header Host $host;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_redirect off;
proxy_set_header Connection close;
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
}
}
К слову в этих папках лежит ещё файл .htaccess с таким содержанием:
Options All -Indexes
order allow,deny
deny from all