Confused with hiding a directory

raubvogel · August 3, 2010, 8:55pm

Let’s say I have a directory named conf in the root of my website I want
to hide. From what I understood, if I have

location /conf { deny all; }
It will not allow anybody to see what is inside /conf. But, what if I do
not want people even to know that /conf is there to begin with, while
other files and directories are visible?

Posted at Nginx Forum:

raubvogel · August 3, 2010, 9:00pm

On Tue, Aug 03, 2010 at 02:54:53PM -0400, raubvogel wrote:

Let’s say I have a directory named conf in the root of my website I want
to hide. From what I understood, if I have

location /conf { deny all; }
It will not allow anybody to see what is inside /conf. But, what if I do
not want people even to know that /conf is there to begin with, while
other files and directories are visible?

location /conf {
    internal;
}

nginx will return 404 as location does not exist.

–
éÇÏÒØ óÙÓÏÅ×
http://sysoev.ru

raubvogel · August 3, 2010, 9:14pm

Thanks for the suggestion. Unfortunately the directory conf is still
being shown. Once I click on it, I get the 404 error. Here is the conf
file for the site, just in case I have done something somewhere else
that is affecting this (nginx.conf has not being touched):

[code]
server {
listen 80 default;

Default site

server_name _;
autoindex on;

access_log /var/log/nginx/packages-error.log;
error_log /var/log/nginx/packages-error.log;

location / {
root /export/www/site1;
}

location /conf {
internal;
}

location ~ /(.*)/db {
deny all;
}
}[/code]

Posted at Nginx Forum:

raubvogel · August 3, 2010, 9:15pm

2010/8/3 Igor S. [email protected]:

other files and directories are visible?

location /conf {
internal;
}

nginx will return 404 as location does not exist.

Hi,

Sometime ago I made a patch to add a “hidden” keyword.
A hidden location is reachable only from on internal request
(subrequest, rewrite), but won’t return a 404 if a front facing client
hits this location, instead they would get the last public location in
the tree. ( / instead of /conf for example).

This is useful if you need internal mechanisms, but redirect most of
your traffic using a proxy_pass, and can’t make assumption about the
locations about the upstream you proxy.
If you’re interested I can update the patch for nginx 0.8.48.

–
Matthieu T.

raubvogel · August 3, 2010, 10:02pm

On Tue, Aug 03, 2010 at 12:13:55PM -0700, Matthieu T. wrote:

not want people even to know that /conf is there to begin with, while

Sometime ago I made a patch to add a “hidden” keyword.
A hidden location is reachable only from on internal request
(subrequest, rewrite), but won’t return a 404 if a front facing client
hits this location, instead they would get the last public location in
the tree. ( / instead of /conf for example).

This is useful if you need internal mechanisms, but redirect most of
your traffic using a proxy_pass, and can’t make assumption about the
locations about the upstream you proxy.
If you’re interested I can update the patch for nginx 0.8.48.

location /conf {
    internal;
    error_page  404  = /;
}

–
Igor S.
http://sysoev.ru/en/

raubvogel · August 3, 2010, 9:39pm

I would really appreciate if you could update this patch; it sure sounds
like exactly what I need.

Thanks!

Posted at Nginx Forum:

raubvogel · August 3, 2010, 10:05pm

On Tue, Aug 03, 2010 at 03:13:02PM -0400, raubvogel wrote:

Thanks for the suggestion. Unfortunately the directory conf is still
being shown. Once I click on it, I get the 404 error. Here is the conf

Well, what should nginx return for this location ?
Also, what should nginx return for any non-existant file/directory ?
404 means that there is no such file/dirctory on site.

error_log /var/log/nginx/packages-error.log;
deny all;
}
}[/code]

–
Igor S.
http://sysoev.ru/en/

raubvogel · September 13, 2010, 12:08am

Sorry for taking so long; I had to put that server into production. So I
built another (the first one is an ubuntu one), applied your patch to
nginx-0.8.50 (it did not bark), and compiled it. So, I set the conf dir
as

location /conf {
            hidden;
        }

and restarted nginx. Unfortunately I can still see the directory. Did I
miss anything?

Posted at Nginx Forum:

raubvogel · August 3, 2010, 10:49pm

On Tue, Aug 3, 2010 at 12:38 PM, raubvogel [email protected] wrote:

I would really appreciate if you could update this patch; it sure sounds
like exactly what I need.

Thanks!

This patch should work with nginx-0.8.42 and above, I just tried and
it seems to work with 0.8.48.
To apply it :
patch -p1 < nginx-0.8.42_hidden-location.patch

Let me know if you have any trouble with it.

raubvogel · September 14, 2010, 1:40am

On Sun, Sep 12, 2010 at 3:07 PM, raubvogel [email protected] wrote:

and restarted nginx. Unfortunately I can still see the directory. Did I
miss anything?

Hi,

If you have something like :

http {
location / {
proxy_pass http://backend;
}

location /conf {
hidden;

}
}

if you request for /conf externally you should hit
http:///conf via the proxy_pass. The nginx /conf is
accessible only from a subrequest.
Is it what you’re trying to achieve, or do you have a different scenario
?

Matthieu.

–
Matthieu T.