Commit 18bd7c1e authored by memtkmcc's avatar memtkmcc

Issue #3149961: Nginx - [Option] Deny public access to webform uploaded files

parent 87e2a3b6
......@@ -534,6 +534,34 @@ location ~* ^/sites/.*/files/civicrm/(?:ConfigAndLog|custom|upload|templates_c)
}
<?php if ($nginx_config_mode == 'extended'): ?>
###
### [Option] Deny public access to webform uploaded files
### for privacy reasons and to prevent phishing attacks.
### The files uploaded should be available only via SFTP.
###
location ~* ^/sites/.*/files/webform/ {
access_log off;
log_not_found off;
expires 99s;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
try_files $uri =404;
### to deny the access replace the last line with:
### return 404;
}
location ~* ^/files/webform/ {
access_log off;
log_not_found off;
expires 99s;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
try_files $uri =404;
### to deny the access replace the last line with:
### return 404;
}
###
### Deny often flooded URI for performance reasons
###
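Review bot: Both new location blocks (`^/sites/.*/files/webform/` and `^/files/webform/`) still end in `try_files $uri =404;`, so as committed they serve webform uploads publicly and the denial promised in the header comment only applies after someone hand-edits the line to `return 404;`. Either make `return 404;` the default or reword the header to say the shipped default is allow. `access_log off;` in both blocks also removes the record of who fetched an uploaded file, which is the trail needed when investigating a phishing or data-exposure report, so I would drop that line here. `Cache-Control "public, ..."` together with `expires 99s;` lets shared caches keep copies of files the comment treats as private; `add_header Cache-Control "private, no-store";` in place of that pair matches the stated intent better. The `<?php if ($nginx_config_mode == 'extended'): ?>` conditional around these blocks closes outside the hunk, so whether other config modes get any webform rule cannot be judged from here.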
......