Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Text and Markdown file extensions are blocked in nginx with Drupal private files system #924

Closed
rocketeerbkw opened this issue Feb 7, 2024 · 0 comments · Fixed by #991
Closed

Text and Markdown file extensions are blocked in nginx with Drupal private files system #924

rocketeerbkw opened this issue Feb 7, 2024 · 0 comments · Fixed by #991

Comments

@rocketeerbkw
Copy link
Member

The Drupal nignx configuration blocks loading of all *.txt and *.md files to hide some of the Drupal core files like CHANGELOG.txt. There is an exception for allowing these files from the public filesystem directory (sites/default/files) since those would be files added dynamically (like on a field field) and should not be blocked.

It looks like there is no exception for the private files directory though. In Drupal all private files are loaded through a Drupal handler with the url system/files/* and this is not included in the exception. Since private files are also added dynamically (like on a field field), these should not be blocked by nginx config either.

Relevant part of the config:

## Do not allow access to .txt and .md unless inside sites/*/files/
location ~* ^(?!.+sites\/.+\/files\/).+\.(txt|md)$ {
  deny all;
  access_log off;
  log_not_found off;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: don't block txt/md in Drupal private filesystem uselagoon/lagoon-images
1 participant
@rocketeerbkw