Let’s say I have a directory named conf in the root of my website I want
to hide. From what I understood, if I have
location /conf {
deny all;
}
It will not allow anybody to see what is inside /conf. But, what if I do
not want people even to know that /conf is there to begin with, while
other files and directories are visible?
On Tue, Aug 03, 2010 at 02:54:53PM -0400, raubvogel wrote:
Let’s say I have a directory named conf in the root of my website I want
to hide. From what I understood, if I have
location /conf {
deny all;
}
It will not allow anybody to see what is inside /conf. But, what if I do
not want people even to know that /conf is there to begin with, while
other files and directories are visible?
Thanks for the suggestion. Unfortunately the directory conf is still
being shown. Once I click on it, I get the 404 error. Here is the conf
file for the site, just in case I have done something somewhere else
that is affecting this (nginx.conf has not being touched):
Sometime ago I made a patch to add a “hidden” keyword.
A hidden location is reachable only from on internal request
(subrequest, rewrite), but won’t return a 404 if a front facing client
hits this location, instead they would get the last public location in
the tree. ( / instead of /conf for example).
This is useful if you need internal mechanisms, but redirect most of
your traffic using a proxy_pass, and can’t make assumption about the
locations about the upstream you proxy.
If you’re interested I can update the patch for nginx 0.8.48.
On Tue, Aug 03, 2010 at 12:13:55PM -0700, Matthieu T. wrote:
not want people even to know that /conf is there to begin with, while
Sometime ago I made a patch to add a “hidden” keyword.
A hidden location is reachable only from on internal request
(subrequest, rewrite), but won’t return a 404 if a front facing client
hits this location, instead they would get the last public location in
the tree. ( / instead of /conf for example).
This is useful if you need internal mechanisms, but redirect most of
your traffic using a proxy_pass, and can’t make assumption about the
locations about the upstream you proxy.
If you’re interested I can update the patch for nginx 0.8.48.
On Tue, Aug 03, 2010 at 03:13:02PM -0400, raubvogel wrote:
Thanks for the suggestion. Unfortunately the directory conf is still
being shown. Once I click on it, I get the 404 error. Here is the conf
Well, what should nginx return for this location ?
Also, what should nginx return for any non-existant file/directory ?
404 means that there is no such file/dirctory on site.
Sorry for taking so long; I had to put that server into production. So I
built another (the first one is an ubuntu one), applied your patch to
nginx-0.8.50 (it did not bark), and compiled it. So, I set the conf dir
as
location /conf {
hidden;
}
and restarted nginx. Unfortunately I can still see the directory. Did I
miss anything?
I would really appreciate if you could update this patch; it sure sounds
like exactly what I need.
Thanks!
This patch should work with nginx-0.8.42 and above, I just tried and
it seems to work with 0.8.48.
To apply it :
patch -p1 < nginx-0.8.42_hidden-location.patch
if you request for /conf externally you should hit
http:///conf via the proxy_pass. The nginx /conf is
accessible only from a subrequest.
Is it what you’re trying to achieve, or do you have a different scenario
?
Matthieu.
–
Matthieu T.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.