server-configs/nginx/h5bp/location/protect-system-files.conf

# Prevent clients from accessing hidden files (starting with a dot)
# This is particularly important if you store .htpasswd files in the site hierarchy
# Access to `/.well-known/` is allowed.
# https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known\/) {
  deny all;
}

# Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
  deny all;
}
Add gzip and h5bp configuration to the nginx config 2016-05-30 20:18:10 -04:00			`# Prevent clients from accessing hidden files (starting with a dot)`
			`# This is particularly important if you store .htpasswd files in the site hierarchy`
			# Access to `/.well-known/` is allowed.
			`# https://www.mnot.net/blog/2010/04/07/well-known`
			`# https://tools.ietf.org/html/rfc5785`
			`location ~* /\.(?!well-known\/) {`
			`deny all;`
			`}`

			`# Prevent clients from accessing to backup/config/source files`
			`location ~* (?:\.(?:bak\|conf\|dist\|fla\|in[ci]\|log\|psd\|sh\|sql\|sw[op])\|~)$ {`
			`deny all;`
			`}`