Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: prevent direct download of backups

This commit is contained in:
Régis Hanol 2014-12-03 12:47:28 +01:00
parent 8ab32396a7
commit acc62f2ec2
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config/nginx.sample.conf
View File

@ -58,6 +58,11 @@ server {
# further more etags are based on the file in nginx not sha of data # further more etags are based on the file in nginx not sha of data
# use dates, it solves the problem fine even cross server # use dates, it solves the problem fine even cross server
etag off; etag off;
# prevent direct download of backups
location ^~ /backups/ {
internal;
}
location / { location / {
root $public; root $public;