From 7ce69050a80d23e1cd0ee6c29c5f1341f5c287fc Mon Sep 17 00:00:00 2001
From: myprivacyisgone <caiu@tutanota.com>
Date: Sun, 16 Jan 2022 18:58:18 +0800
Subject: [PATCH] Secure PHP Backend

---
 conf/nginx.conf | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 12b695d..3e30c7c 100755
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -16,6 +16,7 @@ location __PATH__/ {
     }
 
     client_max_body_size 30m;
+
     location ~ [^/]\.php(/|$) {
       fastcgi_split_path_info ^(.+?\.php)(/.*)$;
       fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
@@ -26,6 +27,29 @@ location __PATH__/ {
       fastcgi_param SCRIPT_FILENAME $request_filename;
     }
 
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+    
+    location ~*  \.(jpg|jpeg|png|gif|css|js|ico|webp)$ {
+        expires max;
+        log_not_found off;
+    }
+
+    location ~ /(system/logs|resources/download) {
+      deny all;
+      return 403;
+    }
+
+    location /admin/ {
+        location ~ .*\.(php)?$ {
+          deny all;
+          return 403;
+        }
+    }
+
   # Include SSOWAT user panel.
   include conf.d/yunohost_panel.conf.inc;
-}
\ No newline at end of file
+}