Security Tweak to Prevent Information Disclosure

Where do I place the code that is shown in order to prevent information disclosure? The page given here which states to copy the generated code into your site specific .conf file usually located in a subdirectory under /etc/nginx/... or /usr/local/nginx/conf/...:

  • Huberson
    • Recruit

    Hello Kelly
    If you server is Apache this could be added automatically to .htaccess. In case of nginx you need to access the site configuration file from the server as suggested from Defender.

    To do that go to your server root directory(not the site root) under 'etc/ngnix' by default and look for a '.conf' file that contains that line:
    location ~ \.php$ {
    That line is usually inside 'nginx.conf' file or in a file included inside 'nginx.conf' that is located under sites-available folder.

    If your server admin setup things differently the location of the file might be different. So you could ask for the location of the site configuration file. It should contain the 'location ~ \.php$ {' line that Defender code should go above.

    In case you're not sure of the location it's best requesting your system admin or host to do that. Also make sure to backup the original file before editing.


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.