#
# Default Server Security and Access Restrictions
#

#
# Limit allowed HTTP methods
#
# Available methods:
#  GET, HEAD, POST, PUT, DELETE, MKCOL, COPY, MOVE, OPTIONS, PROPFIND,
#  PROPPATCH, LOCK, UNLOCK, or PATCH.
#
# Note that Nginx never allows the TRACE method (hard-coded)
#
# Only allow GET, HEAD and POST requests.
#location ~ / {
#    limit_except GET POST OPTIONS {
#        deny all;
#    }
#}

# Prevent clients from accessing (hidden) files starting with a dot
# (i.e .htaccess, .htpasswd). Access to `/.well-known/` is allowed.
location ~* /\.(?!well-known\/) {
  deny all;
}

#
# Prevent clients from accessing backup/config/source files
location ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
    deny all;
}