I was planning on denying access to /inc from everyone but 127.0.0.1. Any other helpful security tips for the web server? I have a nice firewall etc already.
Deny all but your own IP to the admin folder.
Tor auto block could also be smart.
There's not much else you can secure on nginx.
Already got fixpath set to 0, and locking the admin folder to my IP range is probably a nice idea too (my IP is dynamic but I know the range).
http://community.mybb.com/inc/
I know MyBB blocks all access to /inc directly, and that isn't with all boards by default so I'd assume that may assist a bit? Only if file permissions are messed up or some plugin doesn't have a defined thing at the top, but it's something I guess, if that won't help then anything else that can help me? Or am I basically as secure as it gets for nginx setup.
Yeah, so is blocking /inc from all ips but 127.0.0.1 a good idea?
I block /inc from everyone, nothing should be directly loading files from there.
(2014-07-23, 05:02 PM)Robust Wrote: [ -> ]Yeah, so is blocking /inc from all ips but 127.0.0.1 a good idea?
You don't need to allow 127.0.0.1. Using require/include in a php script is not the same as loading a website. The files in inc should never be getting web request, at all.
Just set inc to internal, same with admin/inc.