nginx security warning

  • Resolved izuio

    (@izuio)


    5 years, 1 month ago

    plugin looks nice so far thanks:

    I am getting this message Smart Cookie Kit protects the log directory with a “.htaccess” file but NGINX does not support this kind of approach.
    In order to protect the log directory, your server administrator should add some rules in your vhost configuration file.

    surprisingly I was unable to find anything in the FAQ

    # Example rule to deny access to the cookie preferences log directory

    location ~ /wp-content/cookie-preferences-log/(.*) {
  deny all;
  return 403;
}

    Before I go to server admin and ask – is there a reference somewhere which explains why this is a good idea ?

    thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Nicola Modugno

    (@shark986)

    Hello @izuio,

    as a site admin, you can not manage NGINX rules; if you are managing your hosting space with NGINX on your own (so you are the server admin), you should know how to apply the example rule I have suggested or create a better version for your server configuration.

    I think that there is not much to say. What kind of details do you expect to find in the FAQ, other than those you have reported in the post?

    Let me know, I will be glad to add useful details.

    What are you referring to with “… which explains why this is a good idea?”.

    Nicola.

    Plugin Author Nicola Modugno

    (@shark986)

    @izuio i was checking opened threads…

    Before I go to server admin and ask – is there a reference somewhere which explains why this is a good idea ?

    If you refer to the reason for which you should contact the server admin, well, let me say that it is not a suggestion. That is really really important!!
    The reason is simple: in the “cookie-preferences-log” directory there are data that the GDPR calls “sensitive data”, so you MUST protect that directory from unauthorized access. To protect that directory you have to call the server admin because the plugin can not automatically protect it (as it does when the server runs Apache web server).

    Hope that this answer clarifies a bit.

    Nicola

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘nginx security warning’ is closed to new replies.

Tags