From 7ce69050a80d23e1cd0ee6c29c5f1341f5c287fc Mon Sep 17 00:00:00 2001
From: myprivacyisgone
Date: Sun, 16 Jan 2022 18:58:18 +0800
Subject: [PATCH] Secure PHP Backend
---
 conf/nginx.conf | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 12b695d..3e30c7c 100755
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -16,6 +16,7 @@ location __PATH__/ {
 }
 client_max_body_size 30m;
+
 location ~ [^/]\.php(/|$) {
 fastcgi_split_path_info ^(.+?\.php)(/.*)$;
 fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
@@ -26,6 +27,29 @@ location __PATH__/ {
 fastcgi_param SCRIPT_FILENAME $request_filename;
 }
+ location ~ /\. {
+ deny all;
+ access_log off;
+ log_not_found off;
+ }
+
+ location ~* \.(jpg|jpeg|png|gif|css|js|ico|webp)$ {
+ expires max;
+ log_not_found off;
+ }
+
+ location ~ /(system/logs|resources/download) {
+ deny all;
+ return 403;
+ }
+
+ location /admin/ {
+ location ~ .*\.(php)?$ {
+ deny all;
+ return 403;
+ }
+ }
+
 # Include SSOWAT user panel.
 include conf.d/yunohost_panel.conf.inc;
-}
\ No newline at end of file
+}
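Review bot: The deny blocks for `/\.` and `/(system/logs|resources/download)` are declared after the existing `location ~ [^/]\.php(/|$)` handler, and nginx uses the first matching regex location at a given level, so a `.php` URI under those paths would still be passed to PHP-FPM; declaring the deny locations above the PHP handler closes that gap. `location /admin/` appears to sit inside `location __PATH__/` (per the hunk header), and nginx rejects a nested prefix location that does not start with its parent's prefix, so for a sub-path install this should read `location __PATH__/admin/ {`. The inner pattern `.*\.(php)?$` is anchored at the end of the URI while the PHP handler also accepts path info after `.php`, so `location ~ \.php(/|$) { return 403; }` would cover the same requests the handler does. `deny all;` next to `return 403;` is redundant, since `return` is evaluated before the access phase. The enclosing location block starts outside the hunk.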