Security and exclusions restructure

global/security.conf

@@ -1,16 +1,3 @@
-# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
-# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
-location ~ /\. {
-	deny all;
-}
-
-# Deny access to any files with a .php extension in the uploads directory
-# Works in sub-directory installs and also in multisite network
-# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
-location ~* /(?:uploads|files)/.*\.php$ {
-	deny all;
-}
-
 # Hide Nginx version in error messages and reponse headers.
 server_tokens off;
 

per-site/exclusions.conf

@@ -0,0 +1,30 @@
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~ /\. {
+	deny all;
+}
+
+# Deny access to any files with a .php extension in the uploads directory
+# Works in sub-directory installs and also in multisite network
+# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+location ~* /(?:uploads|files)/.*\.php$ {
+	deny all;
+}
+
+# Don't record error/access logs for favicon.io.
+location = /favicon.ico {
+	log_not_found off;
+	access_log off;
+}
+
+# Don't record error/access logs for robots.txt.
+location = /robots.txt {
+	log_not_found off;
+	access_log off;
+}
+
+# Don't record error/access logs for static assets.
+location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|css|js)$ {
+    log_not_found off;
+    access_log off;
+}

per-site/logs.conf

@@ -1,17 +0,0 @@
-# Don't record error/access logs for favicon.io.
-location = /favicon.ico {
-	log_not_found off;
-	access_log off;
-}
-
-# Don't record error/access logs for robots.txt.
-location = /robots.txt {
-	log_not_found off;
-	access_log off;
-}
-
-# Don't record error/access logs for static assets.
-location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|css|js)$ {
-    log_not_found off;
-    access_log off;
-}

sites-available/fastcgi-cache.com

@@ -20,8 +20,8 @@ server {
 	access_log /sites/fastcgi-cache.com/logs/access.log;
 	error_log /sites/fastcgi-cache.com/logs/error.log;
 
-	# Log exclusions
-	include per-site/logs.conf;
+	# Exclusions
+	include per-site/exclusions.conf;
 
 	# Cache static content
     include per-site/cache.conf;

sites-available/multisite-subdirectory.com

@@ -15,8 +15,8 @@ server {
 	access_log /sites/multisite-subdirectory.com/logs/access.log;
 	error_log /sites/multisite-subdirectory.com/logs/error.log;
 
-	# Log exclusions
-	include per-site/logs.conf;
+	# Exclusions
+	include per-site/exclusions.conf;
 
     # Cache static content
     include per-site/cache.conf;

sites-available/multisite-subdomain.com

@@ -15,8 +15,8 @@ server {
 	access_log /sites/multisite-subdomain.com/logs/access.log;
 	error_log /sites/multisite-subdomain.com/logs/error.log;
 
-	# Log exclusions
-	include per-site/logs.conf;
+	# Exclusions
+	include per-site/exclusions.conf;
 
 	# Cache static content
     include per-site/cache.conf;

sites-available/singlesite.com

@@ -15,8 +15,8 @@ server {
 	access_log /sites/singlesite.com/logs/access.log;
 	error_log /sites/singlesite.com/logs/error.log;
 
-	# Log exclusions
-	include per-site/logs.conf;
+	# Exclusions
+	include per-site/exclusions.conf;
 
 	# Cache static content
     include per-site/cache.conf;

sites-available/ssl.com

@@ -20,8 +20,8 @@ server {
 	access_log /sites/ssl.com/logs/access.log;
 	error_log /sites/ssl.com/logs/error.log;
 
-	# Log exclusions
-    include per-site/logs.conf;
+	# Exclusions
+    include per-site/exclusions.conf;
 
 	# Cache static content
     include per-site/cache.conf;