The "no no for private" needed when private is outside root?

Events happening in the community are now at Drupal community events on www.drupal.org.
MatthijsG's picture

Is this piece of text needed in de .conf-file when the folder for private files is outside the root?

       # No no for private
        location ~ ^/sites/.*/private/ {
                return 403;
        }

The location for private files is /home/foobar/filesprotected
The location for Drupal is /home/foobar/drupal7/
For an anonymous visitor it isn't possible to directly enter /home/foobar/filesprotected (duh .. ;-)

Comments

no

perusio's picture

anyway returning a 403 is not the best option, but rather a 404. Furthermore the RFC says it.

Also it's better to mark it internal.

## No no for private
location ~ ^/sites/[^/]*/private/ {
    internal;
}

If the directory is outside of the web root, no.

Nginx

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: