nginx-config/location/h5bp_protect-system-files.conf
# src=https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/location/security_file_access.conf
# Prevent clients from accessing hidden files (starting with a dot)
# This is particularly important if you store .htpasswd files in the site hierarchy
# Access to `/.well-known/` is allowed.
location ~* /\.(?!well-known\/) {
deny all;
}
# Block access to files that can expose sensitive information.
location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ {
deny all;
}