Posted by MatthijsG on February 25, 2014 at 11:58am
Is this piece of text needed in de .conf-file when the folder for private files is outside the root?
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
The location for private files is /home/foobar/filesprotected
The location for Drupal is /home/foobar/drupal7/
For an anonymous visitor it isn't possible to directly enter /home/foobar/filesprotected (duh .. ;-)
Comments
no
anyway returning a 403 is not the best option, but rather a 404. Furthermore the RFC says it.
Also it's better to mark it
internal
.## No no for private
location ~ ^/sites/[^/]*/private/ {
internal;
}
If the directory is outside of the web root, no.