Now that I have nginx setup I need to be able to hide my .git directories. What kind of rewrite would I need to stop prying eyes? And where in the server {} or http {} block would it go?
http {
server {
location ~ /\.git {
deny all;
}
}
}
This location directive will deny access to any .git directory in any subdirectory.
Note: This location block must be before your main location block, so that it can be evaluated first.
Hidden directories and files should never be web accessible. The general answer to your question is:
location ~ /\. { return 403; }
This denies access to .git, .svn, .htaccess and similar files in any subdirectory.
With other solutions I could download /.git/config and others, just /.git was protected. This one denies everything starting with a dot, regardless how deep the requested URL is:
location ~ /\.(.*)/?(.*)? {
return 404;
}
This will prevent someone from hitting the http://example.com/.git but if your working in a subdirectory like this http://example.com/example/.git it will fail. You really need:
location ~ .*/\.git {
deny all;
}
Related
I generate a dynamic image on http://example.com/image/some_param1/some_param2/
I do:
HttpResponse(img.image, content_type=magic.from_file(img.image.path, mime=True))
It is displaying image fine, however, it is not cached in browser. I tried adding:
location /image {
uwsgi_pass django;
include /home/tomas/Desktop/natali_reality/uwsgi_params;
expires 365d;
}
But it doesn't work. Is there a solution for this?
How to change request header value conditionally depending on another header value in nginx reverse proxy?
You can use the nginx ngx_http_map_module.
A good example is here - Mapping Headers in Nginx.
Basically you need to map the requested header (I used the from_header in the configuration below)to the new header (to_header in the example) and later use proxy_set_header.
map $http_from_header $to_header {
default a;
value_1 b;
value_2 c;
}
server {
....
location / {
include proxy_params;
proxy_set_header To_Header $to_header;
}
}
Nginx takes any HTTP headers, lower-cases them, and converts dashes to underscores. They become accessible as variables starting with $http_.
That way you should get what you need.
Good luck
I'm trying to get the following code to work:
location = /test-site/wp-login.php {
allow 192.168.0.56;
include /etc/nginx/fastcgi_params;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/test-site.com/html$fastcgi_script_name;
deny all;
}
The problem is, due to the multisite configuration on Wordpress, there are 3 rewrites that need to be performed in order to get to the right subsite. Even with the rewrites, the above block doesn't work because with the rewrite, it's stripping out the /test-site/ part.
Instead, it matches this and uses this nginx configuration:
location = /wp-login.php {
#allow 192.168.0.0/16;
allow 192.168.0.56;
include /etc/nginx/fastcgi_params;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/test-site.com/html$fastcgi_script_name;
deny all;
}
I've had some success changing the rewrite to ignore /test-site/ and keep it, but then it changes the $fastcgi_script_name variable to be /var/www/site.com/html/test-site/wp-login and the /test-site/ directory doesn't exist because it's actually a subsite.
If I take out the $fastcgi_script_name variable and hardcode /var/www/site.com/html/wp-login.php to be there instead, it gets me to the site, but it doesn't set the variable back to the proper value to find and of the image or style files.
Anyone have any experience with this? I'm basically trying to allow everyone access to wp-login.php on one subsite, but block them from any of the other subsites in my wordpress environment.
I am using Jetty-9 in embedded mode and need only one web application. Consequently I would like the root URL to go to the homepage of that application, i.e. something like
http://localhost:4444/
should end up in a servlet. I start out with:
ServletContextHandler scContext =
new ServletContextHandler(ServletContextHandler.SESSIONS);
scContext.setContextPath("/");
None of the following worked, neither
scContext.addServlet(ListsServlet.class, "/");
nor
scContext.setWelcomeFiles(new String[]{"/lists})
where /lists is mapped to the ListsServlet servlet. All I get is a 403 (Forbidden).
I do not use the DefaultServlet, which seems to handle welcome files. But since the ServletContextHandler has setWelcomeFiles I expected it to contain the logic to use them.
Any ideas?
For the 403 Forbidden error, you have some security setup that is not allowing you to access the handlers/servlets.
Eliminate that security (for now), verify that the rest is working, then add security a bit later to lock down specifics.
If you want to see some the suggestions below at work, consider looking at the code example in the answer from another stackoverflow: How to correctly support html5 <video> sources with jetty.
Welcome files are appended to the incoming request path if there is nothing present at that location. For example requesting a directory and then a welcome-file of 'index.html' is appended to the request path.
While this would work ...
scContext.setWelcomeFiles(new String[]{"lists"})
// Add Default Servlet (must be named "default")
ServletHolder holderDefault = new ServletHolder("default",DefaultServlet.class);
holderDefault.setInitParameter("resourceBase",baseDir.getAbsolutePath());
holderDefault.setInitParameter("dirAllowed","true");
holderDefault.setInitParameter("welcomeServlets","true");
holderDefault.setInitParameter("redirectWelcome","true");
scContext.addServlet(holderDefault,"/");
It's likely not what you are aiming for, as you said the root path only.
The above would also make changes to requests like /foo/ to /foo/lists
Instead, it might make more sense to use a Rewrite rule + handler instead of the welcome-files approach.
RewriteHandler rewrite = new RewriteHandler();
rewrite.setHandler(scContext);
RewritePatternRule rootRule = new RewritePatternRule();
rootRule.setPattern("/");
rootRule.setReplacement("/list");
rootRule.setTerminating(true);
rewrite.addRule(rootRule);
server.setHandler(rewrite);
This RewritePatternRule simply changes any request path / to /list and then forwards that request to the wrapped ssContext (if you want to see the /list on the browser, change it to a RedirectPatternRule instead.
I'm trying to redirect traffic to our new server but the old server (Mac OS) used case insensitive file names while the new (embedded) one uses Linux (case sensitive).
My problem is to redirect traffic from:
http://server.com/NEW/variable_url
to
http://server.com/new/variable_url
(note the lower 'new').
I would like to be able to do this for nginx without using perl or lua or other modules as this server is running in an embedded environment.
So far I tried:
location ~* ^/new/ {
access_log /var/log/nginx/new.log combined;
rewrite ^/new/(.*)$ $1 permanent;
}
without success.
Solved it myself. I was missing the root directive which points to the root of the web server. So for anyone interested the solution is:
location ~* ^/NEW/ {
root /etc/nginx/html/;
rewrite /NEW/(.*)$ /new/$1 permanent;
}
Maybe something like this?
location /NEW {
rewrite ^/NEW/(.*)$ /new;
}
If you want to redirect traffic from the specific link /NEW/exampe1, you could try
location =/NEW/example1
{
rewrite ^ /new/example1 last;
}