Nginx – Prevent Access to Debug file [closed]

I am logging to debug file

wp-content/debug.log

but any user can download the file, if they put the url on their browser. How could I prevent access to this file using Nginx?

1
1

I’ve frequently seen this used in Apache 2.2:

<Files "debug.log">
    Order allow,deny
    Deny from all
</Files>

but that’s deprecated in Apache 2.4:

The Allow, Deny, and Order directives, provided by mod_access_compat,
are deprecated and will go away in a future version. You should avoid
using them, and avoid outdated tutorials recommending their use.

I just tested with the Require directive in Apache 2.4:

Require all denied
Access is denied unconditionally.

with:

<Files "debug.log">
   Require all denied
</Files>

and it seems to block it with 403 forbidden.

Note that it will block access from example.tld/debug.log, example.tld/wp-content/debug.log etc.

Update

I just noticed that you mentioned NginX, so I tested various location patterns and this seems to work:

location ~* /debug\.log$
{
    deny  all;
}

where the ~* modifier is for case insensitive regular expression matching.

Leave a Comment