From c1816bc9f21704f71f4f00ae47ae137e894c3365 Mon Sep 17 00:00:00 2001
From: Robles Rodolphe <rodolphe.robles@sfr.fr>
Date: Thu, 23 Jul 2020 15:04:38 +0200
Subject: [PATCH] protect sensibles urls

---
 conf/nginx.conf | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 7f58bb4..cf253bc 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -6,6 +6,18 @@ alias __FINALPATH__/www/ ;
 if ($scheme = http) {
     rewrite ^ https://$server_name$request_uri? permanent;
   }
+  
+  # Protecting sensibles urls
+  location ~ 403 {
+    rewrite ^(.*)$ /include/ redirect;
+    rewrite ^(.*)$ /cache/ redirect;
+    rewrite ^(.*)$ /plugins/ redirect;
+    rewrite ^(.*)$ /templates/ redirect;
+    rewrite ^(.*)$ /.*.sqlite redirect;
+    rewrite ^(.*)$ /.*.log redirect;
+    rewrite ^(.*)$ /(README|VERSION|COPYING) redirect;
+    rewrite ^(.*)$ /config\.(.*)\.php redirect;
+    }
 
   # Example PHP configuration (remove if not used)
   location __PATH__/ {