Manage file access with Nginx


Temporary files

It is usually best to prevent access to temporary files through your web server. They can contain very interesting information for a hacker (database structure, local paths, sometimes even passwords!). To deny everyone access to these files, add these lines to your Nginx site configuration, located in /etc/nginx/sites-available/YOUR_SITE:

# Prevent access to any files finishing with a ~ (usually temp files)
location ~* \~$ { access_log off; log_not_found off; deny all; }

# Prevent access to any files starting with a dot, like .htaccess or text editor temp files
location ~ /\. { access_log off; log_not_found off; deny all; }

# Prevent access to any files starting with a $ (usually temp files)
location ~ /\$ { access_log off; log_not_found off; deny all; }

Don't forget to reload Nginx:

/etc/init.d/nginx reload

You should now no longer be able to access these temporary files from any web browser!
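
To check which request URIs these rules catch before deploying them, the following added example (not part of the original post) models the three deny rules described in the comments above in Python. The function name matching_rule and the sample URIs are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The deny rules the comments above describe, in config order.
# "~*" = case-insensitive regex location, "~" = case-sensitive.
DENY_RULES = [
    ("~*", r"\~$"),  # URI ends with a ~
    ("~", r"/\."),   # a path segment starts with a dot
    ("~", r"/\$"),   # a path segment starts with a $
]


def matching_rule(uri, rules=DENY_RULES):
    """Return the pattern of the first deny rule that matches, else None.

    Simplified model (assumption): only these regex locations exist. They
    are tested in order against the percent-decoded path without the query
    string; nginx's ".." resolution and slash merging are not modelled.
    """
    path = unquote(uri.split("?", 1)[0])
    for modifier, pattern in rules:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, path, flags):
            return pattern
    return None


# Constructed sample request URIs (not taken from any real log).
SAMPLES = [
    "/index.php~",                      # editor backup file
    "/index.php%7E",                    # same file, tilde percent-encoded
    "/.htaccess",
    "/.git/config",                     # dot directory
    "/blog/.wp-config.php.swp",         # vim swap file
    "/$RECYCLE.BIN/notes.txt",
    "/.well-known/acme-challenge/abc",  # also hidden by the dot rule
    "/index.php",
    "/download?file=.env",              # dot only in the query string
    "/~alice/index.html",               # tilde not at the end
]

if __name__ == "__main__":
    for uri in SAMPLES:
        rule = matching_rule(uri)
        print(f"{uri:36} {'denied by ' + rule if rule else 'not denied'}")
```

The dot rule also denies everything under /.well-known/, which ACME HTTP-01 certificate validation uses, so a site relying on it needs a more specific location for that path.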

Log files

Another useful trick to limit the size of your logs and keep them cleaner is to stop certain requests from being logged. Again, you can add these lines to /etc/nginx/sites-available/YOUR_SITE:

# Do not log access to robots.txt, to keep the logs cleaner
location = /robots.txt { access_log off; log_not_found off; }

# Do not log access to the favicon, to keep the logs cleaner
location = /favicon.ico { access_log off; log_not_found off; }

Then reload Nginx:

/etc/init.d/nginx reload