bashy

@nolros Yes, it will still read them but not serve them to the client

This is my drop.conf (included in all my sites)

location = /robots.txt { access_log drops; log_not_found off; }
location = /favicon.ico { access_log drops; log_not_found off; }
location ~ /\. { access_log denied; log_not_found off; deny all; }
location ~ ~$ { access_log denied; log_not_found off; deny all; }

This will log access to robots.txt and favicon.ico (I still like to log these for debugging). It will also block access to .* files; you won't need to serve any dot files (.bash_history, .bash_profile, .zsh, .htaccess), which are all security issues. There could be a case where a misconfiguration causes those files to be seen. There is also one for files starting with a dollar sign, which is possible, for example, if a temp file of some sort is created.
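To check which request paths the four rules in the drop.conf above catch, here is an added example that is not part of the original post: a simplified Python model of nginx location selection (exact matches first, then regexes in file order). It assumes nginx matches against the percent-decoded path without the query string and ignores any other location blocks in the site; the sample request targets are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# The four rules from drop.conf, in file order: (kind, pattern, action).
RULES = [
    ("exact", "/robots.txt", "serve"),
    ("exact", "/favicon.ico", "serve"),
    ("regex", r"/\.", "deny"),
    ("regex", r"~$", "deny"),
]

def normalize(request_target):
    """Approximate nginx URI normalization: drop the query, percent-decode the path."""
    return unquote(urlsplit(request_target).path)

def decide(request_target):
    """Return 'serve', 'deny', or 'other' (left to the site's remaining locations)."""
    uri = normalize(request_target)
    # Exact (=) locations win outright.
    for kind, pattern, action in RULES:
        if kind == "exact" and uri == pattern:
            return action
    # Regex (~) locations are then tried in the order they appear.
    for kind, pattern, action in RULES:
        if kind == "regex" and re.search(pattern, uri):
            return action
    return "other"

# Constructed sample request targets.
SAMPLES = [
    "/robots.txt",                     # logged and served
    "/.htaccess",                      # dot file
    "/%2Egit/config",                  # encoded dot, decoded before matching
    "/wp-config.php~",                 # editor backup ending in a tilde
    "/.well-known/acme-challenge/tok", # dot directory used by ACME HTTP-01
    "/index.php?f=/.env",              # dot path only in the query string
    "/$cache.tmp",                     # leading dollar sign
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{decide(target):5}  {target}")
```

Sites that answer ACME HTTP-01 challenges need a more specific location for `/.well-known/` that takes priority over the dot-file rule.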
