From c65fe187aa61f7b74f32caf5604072e6d53df8dc Mon Sep 17 00:00:00 2001 From: oooo-ps Date: Sun, 10 Aug 2025 03:31:35 +0300 Subject: [PATCH] Updated Nginx (markdown) --- Nginx.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/Nginx.md b/Nginx.md index 9d2b040..a34c715 100644 --- a/Nginx.md +++ b/Nginx.md @@ -41,4 +41,27 @@ server { proxy_set_header X-Forwarded-Proto $scheme; } } +``` + +## Restrict + +> [!NOTE] +> Direct access to the following files is safe and is also already restricted by the Rocket framework implementation (as unexpected by the application logic). Therefore, feel free to further restrict direct access on the Nginx side. + +**Restrict direct access to the torrent files** + +``` +location ~* \.torrent$ { + deny all; +} +``` + +**Restrict direct access to hidden files (started with dot)** + +Hidden files are temporarily created filesystem offsets by the `aquatic-crawler` and its `librqbit` client on the data preload. Permanent files are moved to folders without a dot. There is no reason to access this location. + +``` +location ~* ^/\. { + deny all; +} ``` \ No newline at end of file