From acc62f2ec2c10dc5a6295ceb19123b900774b81a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?= <regis@hanol.fr>
Date: Wed, 3 Dec 2014 12:47:28 +0100
Subject: [PATCH] SECURITY: prevent direct download of backups

---
 config/nginx.sample.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config/nginx.sample.conf b/config/nginx.sample.conf
index 39a02ef63..434a3ec88 100644
--- a/config/nginx.sample.conf
+++ b/config/nginx.sample.conf
@@ -58,6 +58,11 @@ server {
   # further more etags are based on the file in nginx not sha of data
   # use dates, it solves the problem fine even cross server
   etag off;
+  
+  # prevent direct download of backups
+  location ^~ /backups/ {
+    internal;
+  }
 
   location / {
     root $public;
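Review bot: The new `location ^~ /backups/` block sets `internal;` but no `root` or `alias`, while the only `root $public;` visible in this hunk sits inside `location /`. Unless a server-level root is set outside the hunk, an internal redirect into `/backups/` (for example an `X-Accel-Redirect` sent by the app after an authorization check) would resolve against nginx's default root rather than `$public`. If backups are meant to be served that way, add `root $public;` inside the block; if nginx never serves them, say so in the comment. The comment could also record why the modifier matters, e.g. `# ^~ keeps regex locations from matching /backups/ first; internal answers external requests with 404`. Because this is the sample config, existing installs are protected only once their live nginx config is updated, which is worth stating in the commit message; the `server` block starts and continues outside the hunk.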