Secure certain directories?


#1

Should I disallow access to certain Piwik directories in nginx? Are user uploads allowed anywhere?


(Matthieu Aubry) #2

See the NGINX Piwik configuration: GitHub - perusio/piwik-nginx: Nginx configuration for running Piwik


#3

Thank you Matt, but I can’t find anything in there that seems specific to Piwik. I have nginx running Piwik but I’m wondering if there are nginx configuration additions I should make for securing it. For most webapps, there seem to be a few directories to deny access to.


#4

I’ve been over that page carefully and I’d like to implement two items from the “Features” list:

“Hiding of all text files.”

“Restricted handling of PHP files. Only index.php and piwik.php are allowed. All other attempts to run a PHP file return a 404.”

But there is no other mention of them on the page. How are they accomplished?


#5

What about .htaccess?


#6

Personally I use nginx so .htaccess isn’t an issue. I could sure use some more info on the two issues I mentioned above. I’m surprised that crucial security info is so inaccessible.
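
One way to implement the two features quoted in #4, as an added example that is not part of the thread and is not taken from the perusio/piwik-nginx repository. The hostname, document root and PHP-FPM socket path are assumptions, and TLS settings are left out.

```nginx
# Added example: constructed server block, not the perusio/piwik-nginx config.
# Assumed values: server_name, root, and the PHP-FPM socket path.
server {
    listen 80;
    server_name analytics.example.com;          # assumed hostname
    root /var/www/piwik;                        # assumed install path
    index index.php;

    # Regex locations are tried in the order they appear, so this one
    # must come before the catch-all \.php$ block below.
    # Only /index.php and /piwik.php at the web root reach PHP-FPM.
    location ~ ^/(index|piwik)\.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock; # assumed socket path
    }

    # Every other request ending in .php gets a 404 and is never executed,
    # including copies of index.php in subdirectories.
    location ~* \.php$ {
        return 404;
    }

    # Hide text files. This also hides robots.txt if one is present.
    location ~* \.txt$ {
        return 404;
    }

    # Hide dotfiles such as .htaccess, which nginx does not interpret
    # and would otherwise serve as plain text.
    location ~ /\. {
        return 404;
    }

    # Static assets (JS, CSS, images) are served directly; anything
    # that does not exist on disk returns 404.
    location / {
        try_files $uri $uri/ =404;
    }
}
```

Run `nginx -t` after editing to validate the syntax before reloading.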