| Beats me. I thought the 404 is what you get with the deny access. I'm sure my nginx skills are worse than yours. ;-) At one time I had a long list of deny addresses on nginx, but nginx does some processing before finally denying access. I ended up just doing blanket denials in the firewall, with the assumption that the firewall, being essentially legacy code, is more efficient. I use a map to block requests like /usr and other Unix directories. I'm assuming they are looking for installations where the web root is in a poor location. I've also seen /backup. All that crude hacking shows up as 404s. I seriously doubt these jerks hit pay dirt. I'm assuming /secret is just a placeholder. I would use a password generator to create a high entropy phrase. (I've been getting blogger referrals that employ the high entropy phrase making them essentially impossible to filter unless you want to block all referrals from blogger. )
On 20 May 2017 at 08:00, <li...@lazygranch.com> wrote: My experience with deny in nginx is the url isn't hidden So you don't want to just restrict access but you want to send a 404 not found unless they come from a specific ip address. I think you should be able to ... but my nginx skills are not that good for now.. :) | ||
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
