From e648063520ebf67068fefc1e8ef7ad0b651e7aff Mon Sep 17 00:00:00 2001
From: Xavier ROOT <soyouz@src386.org>
Date: Fri, 12 Feb 2016 10:12:05 +0100
Subject: [PATCH] improve log/ and config/ protection in nginx

---
 CHANGELOG       |  1 +
 conf/nginx.conf | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 0959655..19abe40 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@
 
 1.6.1 2016-02-12
 - Update to movim 0.9 git2016-01-27
+- Improve config/ and log/ protection (nginx)
 
 1.6 2016-01-27
 - Update to movim 0.9 git2016-01-27
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 44ab002..3d2ca11 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -40,9 +40,13 @@ location ~ /\.ht {
 	deny all;
 	}
 
-location ~ /(config|log)$ {
-	return 403;
-	}
+location ^~ /movim/log/ {
+        return 403;
+        }
+
+location ^~ /movim/config/ {
+        return 403;
+        }
 
 # Include SSOWAT user panel.
 include conf.d/yunohost_panel.conf.inc;