In nginx, best to just not serve dot files: location ~ /\. { deny all; access_lo... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nodesocket on July 27, 2015 \| parent \| context \| favorite \| on: One in every 600 websites has .git exposed In nginx, best to just not serve dot files: `location ~ /\. { deny all; access_log off; log_not_found off; }`

therealmarv on July 27, 2015 [–]

This returns 403 and in my opinion logs should not be turned off for that. I would return 404 to not expose that you are blocking . files with your server. My suggestion to put in each server { ... }

    location ~ /\.  { deny all; return 404; }

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact