@thedod
Created November 18, 2012 19:09
Example of a lafs-rpg "browse-me-not mountpoint" (work in progress)

This variation on the lafs-rpg nginx rules lets you have a folder that (hopefully) can't be browsed.

Example:

  • You can see https://dubiousdod.org/blog/drafts/example-draft-post.html (redirects to a long URL with a dircap and then some)
  • If you try to see the drafts/ folder, you'll be redirected to [the empty] index.html
  • If you try changing the DIR2-RO in the URL to CHK, SSK, etc. and peek at the dircap as a file, what you get is what you deserve (WYGIWYD)

Hope I did this right and didn't miss anything.

# Now that it works, here's how I've tweaked the Pelican Makefile:
# The find line creates an empty index.html if needed
#...
html: clean $(OUTPUTDIR)/index.html
	find $(OUTPUTDIR) -type d -exec touch '{}/index.html' \;
	@echo 'Done'
#...
### Blog browse-me-not mountpoint
location ~ ^/blog {
    limit_except HEAD GET { deny all; }
    rewrite ^/blog/?$ /uri/URI:DIR2-RO:r7xnodn7et6d3ex44p77qk4eka:nvca4ivhhm2an3eafzpg7wpppy7osgyxvngng5uriqjv2qkcag6a/Latest/index.html redirect;
    rewrite ^/blog/(.*)$ /uri/URI:DIR2-RO:r7xnodn7et6d3ex44p77qk4eka:nvca4ivhhm2an3eafzpg7wpppy7osgyxvngng5uriqjv2qkcag6a/Latest/$1 redirect;
}
# Redirect folders under /blog/ to index.html
location ~ ^/uri/URI:DIR2-RO:r7xnodn7et6d3ex44p77qk4eka:nvca4ivhhm2an3eafzpg7wpppy7osgyxvngng5uriqjv2qkcag6a/
{
    limit_except HEAD GET { deny all; }
    rewrite ^(.*)/$ $1/index.html redirect;
    proxy_pass http://127.0.0.1:3456 ;
}
# Prevent CHK/SSK/etc. attempts to get folder information
location ~ ^/[^/]*/[^:]*:[^:]*:r7xnodn7et6d3ex44p77qk4eka:nvca4ivhhm2an3eafzpg7wpppy7osgyxvngng5uriqjv2qkcag6a
{
    limit_except HEAD GET { deny all; }
    rewrite ^ /static/go-home-script-kiddie.png redirect;
}
### proxy all other WAPI directives
location ~ ^/(uri|cap|file|named|static|status)/ # status is not necessary, but it's nice to share :)
{
    limit_except HEAD GET { deny all; }
    proxy_pass http://127.0.0.1:3456 ;
}
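
One way to check which block each request lands in before deploying rules like the ones above, as an added example that is not part of the original gist: a small Python model of nginx's first-match ordering for regex locations, using the gist's four patterns. The `CAP` placeholder, the `route` helper and the sample URLs are constructed here, and paths are assumed to be already percent-decoded, as nginx does before location matching.

```python
import re

# Constructed placeholder with the shape of a dircap body (26 + 52 base32
# characters); substitute the value used in your own rules.
CAP = "a" * 26 + ":" + "b" * 52
BASE = "/uri/URI:DIR2-RO:" + CAP

# Regex locations in config order; nginx uses the first one that matches.
LOCATIONS = [
    ("blog", r"^/blog"),
    ("dir-ro", "^" + BASE + "/"),
    ("deny", r"^/[^/]*/[^:]*:[^:]*:" + CAP),
    ("wapi", r"^/(uri|cap|file|named|static|status)/"),
]

def route(url):
    """Return (location label, action) for a request URL."""
    path = url.split("?", 1)[0]  # locations match the path only
    label = next((n for n, rx in LOCATIONS if re.search(rx, path)), None)
    if label == "blog":
        if re.match(r"^/blog/?$", path):
            return label, "redirect " + BASE + "/Latest/index.html"
        m = re.match(r"^/blog/(.*)$", path)
        if m:
            return label, "redirect " + BASE + "/Latest/" + m.group(1)
        return label, "no rewrite, no proxy"  # e.g. /blogroll
    if label == "dir-ro":
        if path.endswith("/"):  # rewrite ^(.*)/$ $1/index.html
            return label, "redirect " + path + "index.html"
        return label, "proxy"   # sent to the gateway unchanged
    if label == "deny":
        return label, "redirect /static/go-home-script-kiddie.png"
    if label == "wapi":
        return label, "proxy"
    return None, "not handled by these rules"

# Constructed request URLs covering each rule and its edges.
SAMPLES = [
    "/blog", "/blog/drafts/example-draft-post.html",
    BASE + "/Latest/drafts/",      # trailing slash: index.html redirect
    BASE + "/Latest/drafts",       # no trailing slash: rewrite is skipped
    BASE,                          # bare dircap, no slash after it
    "/uri/URI:CHK:" + CAP, "/status/", "/blogroll",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url} -> {route(url)}".replace(CAP, "<cap>"))
```

Rows that come back as `proxy` are decided by the Tahoe-LAFS gateway rather than by these rules, so those are the requests to try against your own node.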