Secure certain directories?

Should I disallow access to certain piwik directories in nginx? Are user uploads allowed anywhere?

see the NGINX piwik configuration GitHub - perusio/piwik-nginx: Nginx configuration for running Piwik

Thank you Matt, but I can’t find anything in there that seems specific to Piwik. I have nginx running Piwik but I’m wondering if there are nginx configuration additions I should make for securing it. For most webapps, there seem to be a few directories to deny access to.

I’ve been over that page carefully and I’d like to implement two items from the “Features” list:

“Hiding of all text files.”

“Restricted handling of PHP files. Only index.php and piwik.php are allowed. All other attempts to run a PHP file return a 404.”

But there is no other mention of them on the page. How are they accomplished?

what about .htacess?

Personally I use nginx so .htaccess isn’t an issue. I could sure use some more info on the two issues I mentioned above. I’m surprised that crucial security info is so inaccessible.