Want hide directory nginx but didnt lost the content - nginx

I have folder images, css, class, js, includes at my application.
and if somebody access that folder --> 403 Forbidden
I want custom this output 403 Forbidden ---> 404 Not Found
I'll try this code
location ~ /(.*)/{ return 404; }
It was sucessfull, the output 404 Not Found
but my images, css, class, js, includes LOST at my application.
Help me please.

location = /THAT_FOLDER/ { return 404; }
Directives with the "=" prefix that match the query exactly (literal string).
If found, searching stops.
ref: http://wiki.nginx.org/HttpCoreModule#location

Related

Landing page in nginx, keep other urls

I have a Nginx + app in laravel. Right now it is working fine, but I need to show some important announcements to users - so I just create a simple index.html file.
How to setup Nginx to behave as follows:
when the user type "main URL" - example.org just display a static HTML with the temporary announcement
when the user types URL to something on the page - example.org/something - then just show him laravel app
Update # 2022.05.22
The following solution is not workable if the requested URI ends with a slash (which is exactly the case when a root request GET / HTTP/<version> is made). The reason is the index module (which is called before the static module) see that request URI ended with slash, checks it for being a directory and returns an error if it isn't. The right solution is to rewrite the URI to make it not ended with a slash, and provided below the not working one.
Not working
You can use an "exact match" location:
server {
...
location = / {
alias /full/path/to/your/stub.html;
}
# rest of the config remains as it was
location / {
...
}
location ~ \.php$ {
...
}
...
}
Using an alias directive you can specify any HTML file from any directory on your server no matter what your root directive is set to.
Working
location = / {
root /path/to/static; # needed only if the path differs from the global root
rewrite ^ /stub.html break;
}

Can't send auditlog with modsecurity with custom error pages

I'm using Modsecurity v3.0.3 with the blocking module and I need to get my auditlog.
Also, because I need it, I have to use some custom error pages.
Unfortunately, I have my logs, but I'm losing my auditlog.
I tried some forums' help, but it didn't work for me.
One of the forums : https://github.com/SpiderLabs/ModSecurity-nginx/issues/76
Here is the location configuration of my NGinx
Any help or starting point would be appreciated, thanks !
I had the same problem with ModSecurity 3.3.2 + nginx and custom errors, so leaving this here in case other people run into the same issue as it took me a while to find a solution.
The issue in my case was that I had the custom error in nginx return the message directly in the error location block, so something like:
error_page 400 #error400;
location #error_400 {
types {}
default_type application/json;
return 400 '{"message: WHATEVER ERROR"}'
}
So the solution in my case was to put that exact JSON message in a file and reference that file instead, so the above becomes:
error_page 400 /400.json;
location = /400.json {
types {}
default_type application/json;
root /usr/share/nginx/html/custom_errors/;
}
And in that root path I put the 400.json file with that exact error messsage:
cat /usr/share/nginx/html/custom_errors/400.json
{"message: WHATEVER ERROR"}
This brought back the SecAudit Logs from ModSecurity. Hope this helps someone.
Could you elaborate on "losing my auditlog"? This sounds as if you would see it for a moment, but then it disappears.
Also, you link to a very old ModSec issue that has been fixed and released in the meantime. Where is the connection?

Amazon S3 rewrote uploaded PDF names with "+" in the filename as "%2B", can't access them from nginx server

I'm using S3 Uploads to offload my WordPress Media Library to an S3 bucket. I used the AWS CLI to bulk migrate my local Media Files to the S3 bucket. So far so good.
Some of the existing PDFs in my library had "+" in the filename, example "mypdf+_name.pdf". When uploaded to S3, the object name was changed to "mypdf%2B_name.pdf". According to this thread, this seems to be a long-running thing.
I tried to set up an nginx config to rewrite anything in my WordPress Media Library that has a "+" in it to go to the corrected S3 URL:
location ~ "^/wp-content/uploads/(.*)$" {
location ~ "^/wp-content/uploads/(.*)\+(.*)$" {
rewrite "^/wp-content/uploads/(.*)\+(.*)$" "https://s3-us-west-2.amazonaws.com/mybucket/uploads/$1%2B$2" redirect;
}
}
This seems to perform the requested redirect, except the "+" is not getting rewritten as "%2B".
For example, "http://example.com/wp-content/uploads/2013/10/mypdf+_name.pdf" gets redirected to "https://s3-us-west-2.amazonaws.com/mybucket/uploads/2013/10/mypdf+_name.pdf". This returns an "AccessDenied" error from S3; when I manually change the "+" to "%2B" in the URL bar, my file displays as expected.
To test if there wasn't something else wrong with my configuration, I changed the redirect to some nonsense, keeping the "%2B":
location ~ "^/wp-content/uploads/(.*)$" {
location ~ "^/wp-content/uploads/(.*)\+(.*)$" {
rewrite "^/wp-content/uploads/(.*)\+(.*)$" "https://s3-us-west-2.amazonaws.com/mybucket/uploads/$1%2B$2blahblahblah" redirect;
}
}
This results in "http://example.com/wp-content/uploads/2013/10/mypdf+_name.pdf" -> "https://s3-us-west-2.amazonaws.com/mybucket/uploads/2013/10/mypdf+_name.pdfblahblahblah"
So my redirect is "working", but something along the way is choosing to keep "+" instead of translating it to "%2B".
How can I make nginx redirect my file to the correct URL?
Here's what ended up working for me:
location ~ "^/wp-content/uploads/(.*)\+(.*)$" {
if ($request_uri ~ "^/wp-content/uploads/(.*)\+(.*)$"){
set $modified_uri "/$1%2B$2";
return 302 https://s3-us-west-2.amazonaws.com/mybucket/uploads$modified_uri;
}
}
If anyone sees an obvious problem with this let me know. I know I've read using if blocks inside a location is bad but the documentation indicates using a return directive is kosher so I'm rolling with it for now.

Correct regex expression for the location block inorder to capture CSS and JS when the request URL changes

I have developed nginx config file order to cater some custom error pages. I have created two location blocks to capture the main index.html file and other location to capture the css/js and the images. I have created the cs and the js files seperately and called into the main index file due to the ease of use. But this work only for the following types of url
https://example.com
https://example.com/abcd/
But if the url cahnges to
https://exmaple.com/abcd/efgd/ or more the css and js won't be in the response.
The css/js and images are in a directory named techops-page-resources. So after checking bit on the issue I found that on the first two url it'll get https://exmaple.com/resources as expected when the given domain is not available. But on the other occasions it'll transformed into https://example.com/abcd/resources/ and this uri doesn't exist. So I've tried different regex patterns and none of them seem to work. The following are the location blocks that I have implemented to set the error pages up.
error_page 503 /pages/maintenance.html;
error_page 502 /pages/50x.html;
error_page 404 /pages/40x.html;
location /pages/ {
root /var/www/html/ErrorPages/;
}
location /techops-page-resources {
alias /var/www/html/ErrorPages/pages/techops-page-resources/;
}
}
What I expecting is whenever the 404 error returns I want the main index file to call the techops-page-resources and include them in the the final customized 404 error page as expected. But currently what I only receive is the basic index.html file which is in the pages directory. Is there a correct regex pattern to match only the techops-page-resource as a postfix match as follows
location **some_regex_pattern**/techops-page-resources {
alias /var/www/html/ErrorPages/pages/techops-page-resources/;
}
I would love to do this in this same architecture without using inline css or js

Clean URI/URL Nginx Rewrite for multiple pages & multiple variables

I am pretty much a moron with regex and I'm just getting started with a cloud-based Nginx server, which is a big change from administering my in-my-closet Apache server.
I'm trying to do rewrites to get clean URLs like this:
www.domain.com/folder/red/abc ---> www.domain.com/folder/red.cfm?query=abc
www.domain.com/folder/blue/ab/cd/ef ---> www.domain.com/folder/blue.cfm?name=ab&city=cd&state=ef
www.domain.com/folder/blue/ab ---> www.domain.com/folder/blue.cfm?name=ab
I'm basically trying to get rewrites of items after the "folder" subfolder to rewrite to static .cfm pages. Some of those .cfm pages have zero, one, two or three URL variables; the number of variables is not fixed or consistent.
I have been reading A LOT about rewrites and try_files, and I have tried, oh, a couple hundred different variations of rewrites, and I just can't seem to find the solution.
For example, I've tried:
location /folder/blue {
rewrite ^/folder/(.*)?$ /folder/blue.cfm?name=$1 last;
}
And this just gets me absolutely nowhere. I would post my entire conf file, but it is long due to other stuff that was added in by the default server setup.
I would love to make this string as simple as is humanly possible, but I really need help with this. I appreciate it!
For future reference, it would help having a spec.
It seems like this is the only spec you've provided:
www.domain.com/folder/red/abc ---> www.domain.com/folder/red.cfm?query=abc
www.domain.com/folder/blue/ab/cd/ef ---> www.domain.com/folder/blue.cfm?name=ab&city=cd&state=ef
www.domain.com/folder/blue/ab ---> www.domain.com/folder/blue.cfm?name=ab
The following solution should 100% satisfy the above "spec":
location /folder/red/ {
rewrite ^(/folder/\w+)/(\w*)$ $1.cfm?query=$2 last;
return 410;
}
location /folder/blue/ {
rewrite ^(/folder/\w+)/(\w*)$ $1.cfm?query=$2 last;
rewrite ^(/folder/blue)/(\w*)/(\w*)/(\w*)$ $1.cfm?query=$2&city=$3&state=$4 last;
return 410;
}

Resources