I've been pulling my hair out for hours now.
My [statamic CMS] sites are running in subdirectories on a staging server.
I'm using an NGINX conf provided by Statamic:
https://gist.github.com/jackmcdade/3866603
Which I've modified like so:
https://gist.github.com/LkeMitchll/b6d8aea6c0845e3a341f
All is working but...
...when I navigate to domain.com/site1/_config/users/admin.yaml I can download the file without restriction!(!!)
The NGINX config line in question is:
location ~ /.(yml|yaml|html) { deny all; }
I've tried the following but no luck:
location ~ /(site1|site2|site3)/.+\.(yml|yaml|html) { deny all; }
To be honest I'm a complete n00b at NGINX, and it's proving much more difficult to use than Apache.
So my question is how do I modify the above statement to restrict access to the .yaml and .html files?
Thanks.
LM
Give this a try. It requires a $ to match end of string.
location ~* (?:\.(?:yml|yaml|html)|~)$ {
    deny all;
}
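An added check, not part of the original posts: it runs the three location patterns quoted in this thread against sample request paths, using Python's `re` module, which agrees with nginx's PCRE for these patterns. Every URI except the `admin.yaml` path is constructed, and the names `RULES`, `matches` and `report` are assumptions of this example.

```python
import re

# Patterns copied verbatim from the thread. The flag mirrors the nginx
# location modifier: "~" is case-sensitive, "~*" is case-insensitive.
RULES = {
    "original": (r"/.(yml|yaml|html)", 0),
    "attempt": (r"/(site1|site2|site3)/.+\.(yml|yaml|html)", 0),
    "answer": (r"(?:\.(?:yml|yaml|html)|~)$", re.IGNORECASE),
}

# Sample request paths. Only the first comes from the thread; the rest are
# constructed to probe case, editor backups, new sites and over-matching.
SAMPLE_URIS = [
    "/site1/_config/users/admin.yaml",
    "/site1/_content/page.HTML",
    "/site1/_config/users/admin.yaml~",
    "/site4/_config/settings.yml",
    "/site1/xhtml/index",
    "/site1/about",
]


def matches(rule_name, uri):
    """True if the named pattern would match this URI path."""
    pattern, flags = RULES[rule_name]
    # A regex location is an unanchored search over the URI path, so
    # re.search (not re.match) is the equivalent operation.
    return re.search(pattern, uri, flags) is not None


def report(uris=SAMPLE_URIS):
    """Map each URI to the list of rules whose pattern matches it."""
    return {uri: [name for name in RULES if matches(name, uri)] for uri in uris}


if __name__ == "__main__":
    for uri, hits in report().items():
        print(f"{uri:36} matched by: {', '.join(hits) or '-'}")
```

This only tests the patterns themselves. nginx uses the first regex location that matches, in configuration order, and a `^~` prefix location skips regex checks entirely, so a pattern that matches here can still be bypassed by an earlier block.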