A piece of Nginx configuration security reinforcement sharing code

The following is a piece of NGINX configuration code, which has a simple comment.
Everyone should remember the principle that the directory that can execute php programs must not allow read and write permissions, but the directory that can read and write (such as upload) must not be granted php Execution permissions.
 
 
This code section needs to be placed in the server segment (it is better to put it in front of location/{...}). You can also save it into a file and include it in each vhost.
 
 
 
 
#2011 (C) cnpanel
# Disable visitors without agent
If ($ http_user_agent ~ ^ $) {Return 412 ;}
# Disable possible Apache access files
Location ~ /\. Ht {deny all ;}
# Never can not visit or download files or DIRs starting #
Location ~ // # {Deny all ;}
# Disable risk request in some DIRs for secure
Location ~ */(Image | images | img | imgs | upload | uploads | upimg | upimgs | upfile | upfiles | down | download | downloads | attachment | attachments | js | css | style | styles | tpl | template | templates | theme | themes | view | views | lang | language | ages | setting | settings | app | apps | include | des | class | classes | mod | model | models | lib | libs | control | controls | source | sources | plugin | plugins | data | datas | database | tmp | temp | ipdata | html | avatar | avatars) /(. *)\. (php | php3 | php4 | php5 | cgi | asp | aspx | jsp | shtml | shtm | pl | cfm | SQL | mdb | dll | exe | com | inc | sh) $ {deny all ;}
 
 
 
 
Note. You can set the directory here if it is affected by the Directory of your program.
This is shared by netizens.