From b9641c487eabc78ec442b8b5d91df2b27a42a17c Mon Sep 17 00:00:00 2001
From: Ashley Rich
Date: Sat, 25 Apr 2020 10:20:40 +0100
Subject: [PATCH] Improve default exclusions
---
 global/server/exclusions.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/global/server/exclusions.conf b/global/server/exclusions.conf
index 19fb359..7269847 100644
--- a/global/server/exclusions.conf
+++ b/global/server/exclusions.conf
@@ -1,6 +1,11 @@
 # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
 # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
-location ~ /\. {
+location ~* /\.(?!well-known\/) {
+ deny all;
+}
+
+# Prevent access to certain file extensions
+location ~\.(ini|log|conf)$ {
 deny all;
 }
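Review bot: The new extension block matches case-sensitively (`~`), while the hidden-file block in the same hunk was switched to `~*`, so a request ending in `.INI`, `.Log` or `.CONF` is not denied here and falls through to whichever location matches next. Making it `location ~* \.(ini|log|conf)$ {` closes that gap and also matches the spacing of the block above. The new comment could also state that regex locations are tried in file order and the first match wins, e.g. `# Must be included before any broader regex location, or these files are served by that one instead`; whether that ordering holds depends on where this file is included, which the hunk does not show. Finally, the negative lookahead exempts everything under `/.well-known/`, which deserves a short comment saying which consumers (for example ACME challenges) rely on it.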