The "no no for private" needed when private is outside root?

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
MatthijsG's picture

Is this piece of text needed in de .conf-file when the folder for private files is outside the root?

       # No no for private
        location ~ ^/sites/.*/private/ {
                return 403;
        }

The location for private files is /home/foobar/filesprotected
The location for Drupal is /home/foobar/drupal7/
For an anonymous visitor it isn't possible to directly enter /home/foobar/filesprotected (duh .. ;-)

Comments

no

perusio's picture

anyway returning a 403 is not the best option, but rather a 404. Furthermore the RFC says it.

Also it's better to mark it internal.

## No no for private
location ~ ^/sites/[^/]*/private/ {
    internal;
}

If the directory is outside of the web root, no.

Nginx

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: