Should I disallow access to certain piwik directories in nginx? Are user uploads allowed anywhere?
see the NGINX piwik configuration GitHub - perusio/piwik-nginx: Nginx configuration for running Piwik
Thank you Matt, but I can’t find anything in there that seems specific to Piwik. I have nginx running Piwik but I’m wondering if there are nginx configuration additions I should make for securing it. For most webapps, there seem to be a few directories to deny access to.
I’ve been over that page carefully and I’d like to implement two items from the “Features” list:
“Hiding of all text files.”
“Restricted handling of PHP files. Only index.php and piwik.php are allowed. All other attempts to run a PHP file return a 404.”
But there is no other mention of them on the page. How are they accomplished?
what about .htacess?
Personally I use nginx so .htaccess isn’t an issue. I could sure use some more info on the two issues I mentioned above. I’m surprised that crucial security info is so inaccessible.