Forbid web.config page from the browser as in https://mydomain.com/web.config
Francis Daly
francis at daoine.org
Thu Nov 12 14:43:43 UTC 2020
On Thu, Nov 12, 2020 at 07:17:46PM +0530, Kaushal Shriyan wrote:
Hi there,
> I am running the Nginx version: nginx/1.16.1 on CentOS Linux release
> 7.8.2003 (Core). I am trying to forbid/prevent web.config file to
> download it from the browser. When I hit
> https://mydomain.com/web.config it is allowing me to download instead of
> forbidding the page ( 403 Forbidden).
When I use this config, it works for me (I get the http 403 response).
Are you sure that the config file with this server{} block is read by
your running nginx?
Are there any other server{} blocks with the same (implicit) "listen"
directive, that might mean that this server{} block is never used?
What do you get if you do
curl -i -H Host:_ http://your-server/web.config
where the "Host:_" part is an attempt to match the server_name that you
set in this server{} block.
(Change "your-server" to be a name or IP that your client can use to get
at the web service.)
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list