Get Simple on NGINX Security - Printable Version

+- GetSimple Support Forum (http://get-simple.info/forums)
+-- Forum: GetSimple (http://get-simple.info/forums/forumdisplay.php?fid=3)
+--- Forum: General Questions and Problems (http://get-simple.info/forums/forumdisplay.php?fid=16)
+--- Thread: Get Simple on NGINX Security (/showthread.php?tid=2948)

Get Simple on NGINX Security - tested0002 - 2012-03-19

Hi, I'm new here but I'm using GetSimple a year ago. Migrating from Apache to NGINX would be a nice idea, but it seems Get Simple is not really secure on an NGINX server.

Get Simple relies on .htaccess to protect a folder. But .htaccess is not NGINX friendly and it will not work. In the folder, "/data/users/admin.xml", which is the top secret of your website, will be accessible by other users.

I hope there will be a solution to this problem and that you will take this seriously, so that others will benefit from this open-source project.

Get Simple on NGINX Security - yojoe - 2012-03-19

Nginx has its own rewrite rules. You can try to block the directory by adding this to the nginx.conf file:

Code:
location /data/users/ {

There are also methods to do link rewrites; instead of Apache's rewrite, nginx uses the try_files directive.

I can't guarantee this will work. I've never touched nginx. Somebody posted some rewrite rules for nginx a long time ago. Maybe they will still be working.

Get Simple on NGINX Security - Zegnåt - 2012-03-19

tested0002 Wrote:
[I]t seems GetSimple is not really secure on nginx server. GetSimple relies on .htaccess to protect a folder. But .htaccess is not nginx friendly and it will not work.

Let me first say that it isn’t that GetSimple is insecure on nginx server software, it was just never made for it or tested to run on it. There is a difference there. It is like saying a program is a virus because it can mess up your Windows computer, even when the program was made to be run on Mac computers only.

With that out of the way, different users have been trying to get it to work on nginx. marrco has even published his configuration file, which includes URL rewrites and caching. It also includes XML access blocking:

Code:
location ~* \.xml$ { deny all; }

Get Simple on NGINX Security - tested0002 - 2012-03-19

Thank you for all your replies, guys. This code

Code:
location /data/users/ {

does its job perfectly.

Get Simple on NGINX Security - Zegnåt - 2012-03-19

tested0002 Wrote:

Do note that this will only protect your user files. All other XML data will still be available.

Get Simple on NGINX Security - marrco - 2012-03-19

@tested0002 sample config updated to:

Code:
# this blocks direct access to XML files (but sitemap.xml) - they hold all the data

Since in the original Apache .htaccess there is a deny for all XML files, I think it's better to stick with that rule.
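
The two approaches discussed in this thread, the narrow /data/users/ rule and the broader deny on all XML files except sitemap.xml, written out as one nginx fragment. This is an added example, not marrco's published configuration or any poster's code; it assumes GetSimple is served from the web root, that sitemap.xml sits at the root, and that the fragment goes inside the site's server block. The `^~` modifier is an addition that the thread's snippets do not use.

```nginx
# Added example, not marrco's published config.
# Assumption: placed inside the server { } block of a site that serves
# GetSimple from the web root.

# Narrow rule from the thread: covers the user files only.
# XML data stored outside /data/users/ is still served.
# "^~" (an addition here) stops nginx from evaluating regex locations once
# this prefix matches, so a regex block elsewhere in the config cannot take
# over requests for files in this directory.
location ^~ /data/users/ {
    deny all;
}

# Broader rule, mirroring the Apache .htaccess behaviour described in the
# thread: refuse every .xml file except the sitemap.

# An exact-match location is selected before any regex location is
# evaluated, so the sitemap stays public.
location = /sitemap.xml {
    try_files $uri =404;
}

# Any other request path ending in .xml (case-insensitive) gets a 403.
location ~* \.xml$ {
    deny all;
}
```

After reloading nginx, requesting /data/users/admin.xml should return 403 while /sitemap.xml is still served; checking both confirms the exception and the deny rule are matched in the intended order.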