On Thu, Nov 12, 2020 at 07:17:46PM +0530, Kaushal Shriyan wrote:

Hi there,

> I am running the Nginx version: nginx/1.16.1 on CentOS Linux release
> 7.8.2003 (Core). I am trying to forbid/prevent web.config file to
> download it from the browser. When I hit
> https://mydomain.com/web.config it is allowing me to download instead of
> forbidding the page ( 403 Forbidden).

When I use this config, it works for me (I get the http 403 response).

Are you sure that the config file with this server{} block is read by
your running nginx?

Are there any other server{} blocks with the same (implicit) "listen"
directive, that might mean that this server{} block is never used?

What do you get if you do

curl -i -H Host:_ http://your-server/web.config

where the "Host:_" part is an attempt to match the server_name that you
set in this server{} block.

(Change "your-server" to be a name or IP that your client can use to get
at the web service.)

Cheers,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx