confused with hiding a directory
Matthieu Tourne
matthieu.tourne at gmail.com
Tue Aug 3 23:13:55 MSD 2010
2010/8/3 Igor Sysoev <igor at sysoev.ru>:
> On Tue, Aug 03, 2010 at 02:54:53PM -0400, raubvogel wrote:
>
>> Let's say I have a directory named conf in the root of my website I want
>> to hide. From what I understood, if I have
>> [code]
>> location /conf {
>> deny all;
>> }[/code]
>> It will not allow anybody to see what is inside /conf. But, what if I do
>> not want people even to know that /conf is there to begin with, while
>> other files and directories are visible?
>
> location /conf {
> internal;
> }
>
> nginx will return 404 as location does not exist.
>
Hi,
Sometime ago I made a patch to add a "hidden" keyword.
A hidden location is reachable only from on internal request
(subrequest, rewrite), but won't return a 404 if a front facing client
hits this location, instead they would get the last public location in
the tree. ( / instead of /conf for example).
This is useful if you need internal mechanisms, but redirect most of
your traffic using a proxy_pass, and can't make assumption about the
locations about the upstream you proxy.
If you're interested I can update the patch for nginx 0.8.48.
--
Matthieu Tourne
More information about the nginx
mailing list