From 08ade5cd1e7b4e6429fec3fd7fc1080decd3e3ac Mon Sep 17 00:00:00 2001
From: cwivagg <cwivagg@gmail.com>
Date: Sat, 7 Jan 2023 07:42:17 -0500
Subject: [PATCH] Update matomo-nginx.conf.j2

Fix security problems noted in https://github.com/iiab/iiab/issues/3441.
---
 roles/matomo/templates/matomo-nginx.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/matomo/templates/matomo-nginx.conf.j2 b/roles/matomo/templates/matomo-nginx.conf.j2
index 0a7b91609..8ec494bc0 100644
--- a/roles/matomo/templates/matomo-nginx.conf.j2
+++ b/roles/matomo/templates/matomo-nginx.conf.j2
@@ -10,6 +10,7 @@ location ~ ^/matomo(.*)\.php(.*)$ {
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     fastcgi_param SCRIPT_NAME     $fastcgi_script_name;
     fastcgi_param PATH_INFO       $2;
+    location ~ ^/matomo/(config|tmp|core|lang) { deny all; return 403; }
 }
 
 location ~ ^/matomo(/)? {