NGINX - Non default behaviour - files within "root" directory and subfolders are served if no location is defined

[belotv]

Describe the bug When defining an "HTTP Server" with no location, all files within the File System Root are made available

To Reproduce Steps to reproduce the behavior:

1. Create a new "HTTP Server" and set "File System Root" to an existing folder containing a folder "img" with a picture called "test.jpg"
2. Enable NGINX
3. Connect to http://server:port/img/test.jpg

Expected behavior Error page shall be displayed as access to this location was not explicitly authorized.

Actual behavior The "test.jpg" is loaded.

Additional context Nginx normally requires the try_files directive or autoindex of subdirectories to be enabled to serve static content in subfolders.

Environment OPNsense 24.1.8 (amd64).

[OPNsense-bot]

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

[fabianfrz]

Incorrect, that is exactly the desired behaviour. the root says that this should be used to lookup resources in that directory.

try_files is to say if it is not there, try something else so it is to provide an alternative to the default behaviour to just serve static files. this is usually used to speed up static file loading.

autoindex creates an index with a file listing if you try to open a directory without an index.html or simmilar file.

[fabianfrz]

since I cannot do that by myself, please close.