# Global restrictions configuration file.
# Designed to be included in any server {} block.
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
location = /robots.txt {
    try_files $uri /index.php?$args;
    allow all;
    log_not_found off;
    access_log off;
}

location ~ \.well-known{
    allow all;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
    deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

## Deny access to svn / git
location ~ /\.(svn|git)/* {
    deny all;
    access_log off;
    log_not_found off;
}