Ops One AG

You can subscribe via RSS

Monday 26th March 2018

Managed Server Version 5: remove global nginx config for TYPO3 secure_downloads extension, scheduled 2 years ago

We have removed the following location from our global nginx configuration:

location ~* "(^|/)(typo3(conf)?(/.*|)/(private|tests|build)|secure_[^/]+|(?!css_secure)[^/]*_secure|\.)/" {
  deny all;

The configuration was originally created for the TYPO3 extension secure_downloads, but was never documented. As we ran into some problems with other applications, and this setting was required for a very limited number of sites, we decided to remove it altogether. We talked to all affected customers already and applied custom configurations on every affected website.

As of now, please add corresponding deny rules within the local configuration if you want to protect a certain directory.