server {} 里加入以下内容:


if ($request_uri ~* (.*)\.(asp|aspx|jsp|bak|mdb|db|sql|conf|ini|cnf|old|tgz|7z|gz|tar\.gz)$){
           return 403;
}


curl 访问zip文件

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<h1>403 Forbidden</h1>
<p>You don't have permission to access the URL on this server.</body>
</html>


返回HTTP CODE  403