On Thu, Nov 12, 2020 at 07:17:46PM +0530, Kaushal Shriyan wrote: Hi there,
> I am running the Nginx version: nginx/1.16.1 on CentOS Linux release > 7.8.2003 (Core). I am trying to forbid/prevent web.config file to > download it from the browser. When I hit > https://mydomain.com/web.config it is allowing me to download instead of > forbidding the page ( 403 Forbidden). When I use this config, it works for me (I get the http 403 response). Are you sure that the config file with this server{} block is read by your running nginx? Are there any other server{} blocks with the same (implicit) "listen" directive, that might mean that this server{} block is never used? What do you get if you do curl -i -H Host:_ http://your-server/web.config where the "Host:_" part is an attempt to match the server_name that you set in this server{} block. (Change "your-server" to be a name or IP that your client can use to get at the web service.) Cheers, f -- Francis Daly [email protected] _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
