On Thu, Nov 12, 2020 at 8:13 PM Francis Daly <[email protected]> wrote:
> On Thu, Nov 12, 2020 at 07:17:46PM +0530, Kaushal Shriyan wrote: > > Hi there, > > > I am running the Nginx version: nginx/1.16.1 on CentOS Linux release > > 7.8.2003 (Core). I am trying to forbid/prevent web.config file to > > download it from the browser. When I hit > > https://mydomain.com/web.config it is allowing me to download instead of > > forbidding the page ( 403 Forbidden). > > When I use this config, it works for me (I get the http 403 response). > > Are you sure that the config file with this server{} block is read by > your running nginx? > > Are there any other server{} blocks with the same (implicit) "listen" > directive, that might mean that this server{} block is never used? > > What do you get if you do > > curl -i -H Host:_ http://your-server/web.config > > where the "Host:_" part is an attempt to match the server_name that you > set in this server{} block. > > (Change "your-server" to be a name or IP that your client can use to get > at the web service.) > Hi Francis, Thanks Francis for the email response. There are two servers {} blocks one with *listen 80 default_server* and the other with *listen 443 ssl* I am running the website on port 443 and added the below in the server block with listen 443 ssl. It worked perfectly. Thanks a lot for pointing the issue and appreciate it. location ^~ /web.config { > deny all; > } Best Regards, Kaushal
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
