From cc31e34af09fb76f8b5a75b4546d7aaaeef14867 Mon Sep 17 00:00:00 2001
From: joglomedia
Date: Thu, 24 Oct 2019 00:35:38 +0700
Subject: [PATCH] update nginx restriction rules
---
 etc/nginx/includes/rules_restriction.conf | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/etc/nginx/includes/rules_restriction.conf b/etc/nginx/includes/rules_restriction.conf
index 2c78b61..167878b 100644
--- a/etc/nginx/includes/rules_restriction.conf
+++ b/etc/nginx/includes/rules_restriction.conf
@@ -65,7 +65,7 @@ location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ini|log)$ {
 }
 # Deny access to all packages manager file, such as grunt or composer file.
-location ~* (Gruntfile|package|composer)\.(js|json)$ {
+location ~* (Gruntfile|package|composer)\.(js|json|lock)$ {
 deny all;
 access_log off;
 log_not_found off;
@@ -81,24 +81,24 @@ location ~* /(?:uploads|files)/.*\.php$ {
 }
 # Deny access to PHP file in site files directory.
-location ~ ^/sites/.*/private/ {
+location ~* ^/sites/.*/private/ {
 deny all;
 }
+
 location ~* ^/sites/[^/]+/files/.*\.php$ {
 deny all;
 }
 # Deny access to WordPress-related stuff.
+location ~ (license|readme)\.(html|txt)$ {
+ deny all;
+}
+
 location ~ wp-config.php {
 deny all;
 }
-location ~ readme.html {
- deny all;
-}
-location ~ readme.txt {
- deny all;
-}
-location ~* ^/wp-content/backup-db/ {
+
+location ~ ^/wp-content/backup-db/ {
 deny all;
 }
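Review bot: The widened pattern on the `+location ~* (Gruntfile|package|composer)\.(js|json|lock)$` line still does not cover the npm and Yarn lockfiles: `package-lock.json` fails to match because `package` must be followed directly by the dot, and `yarn.lock` is not in the name group, so unless a rule outside this hunk catches them they remain downloadable and disclose exact dependency versions. The pattern also has no leading `/`, so any URI that merely ends in something like `somepackage.js` is denied too. Consider `location ~* /(Gruntfile|package(-lock)?|composer|yarn)\.(js|json|lock)$ {`. The location block's closing brace lies outside the hunk.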
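Review bot: The last changed line of the second hunk switches the backup-db rule from `~*` to `~`, which narrows a deny rule to exact-case URIs while the same hunk moves `^/sites/.*/private/` in the opposite direction. If the document root ever sits on a case-insensitive filesystem, a differently cased path would no longer be refused, so I would keep `location ~* ^/wp-content/backup-db/ {`. The new merged rule `location ~ (license|readme)\.(html|txt)$` is likewise case-sensitive and would miss `README.txt` or `LICENSE.txt`; `location ~* /(license|readme)\.(html|txt)$ {` covers those and ties the name to a path segment. A short comment above the WordPress rules, e.g. `# Deny rules use ~* so case variants of a path are refused as well.`, would keep the modifiers from drifting apart again.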