I am logging to debug file
wp-content/debug.log
but any user can download the file, if they put the url on their browser. How could I prevent access to this file using Nginx?
1
I’ve frequently seen this used in Apache 2.2:
<Files "debug.log">
Order allow,deny
Deny from all
</Files>
but that’s deprecated in Apache 2.4:
The
Allow
,Deny
, andOrder
directives, provided bymod_access_compat
,
are deprecated and will go away in a future version. You should avoid
using them, and avoid outdated tutorials recommending their use.
I just tested with the Require directive in Apache 2.4:
Require all denied
Access is denied unconditionally.
with:
<Files "debug.log">
Require all denied
</Files>
and it seems to block it with 403 forbidden.
Note that it will block access from example.tld/debug.log
, example.tld/wp-content/debug.log
etc.
Update
I just noticed that you mentioned NginX, so I tested various location patterns and this seems to work:
location ~* /debug\.log$
{
deny all;
}
where the ~*
modifier is for case insensitive regular expression matching.