confused with hiding a directory

Matthieu Tourne matthieu.tourne at
Tue Aug 3 23:13:55 MSD 2010

2010/8/3 Igor Sysoev <igor at>:
> On Tue, Aug 03, 2010 at 02:54:53PM -0400, raubvogel wrote:
>> Let's say I have a directory named conf in the root of my website I want
>> to hide. From what I understood, if I have
>> [code]
>>   location /conf {
>>     deny all;
>>   }[/code]
>> It will not allow anybody to see what is inside /conf. But, what if I do
>> not want people even to know that /conf is there to begin with, while
>> other files and directories are visible?
>    location /conf {
>        internal;
>    }
> nginx will return 404 as location does not exist.


Sometime ago I made a patch to add a "hidden" keyword.
A hidden location is reachable only from on internal request
(subrequest, rewrite), but won't return a 404 if a front facing client
hits this location, instead they would get the last public location in
the tree. ( / instead of /conf for example).

This is useful if you need internal mechanisms, but redirect most of
your traffic using a proxy_pass, and can't make assumption about the
locations about the upstream you proxy.
If you're interested I can update the patch for nginx 0.8.48.

Matthieu Tourne

More information about the nginx mailing list