/media and /help external access

Hi Everyone,

I’ve seen that locations /media and /help have external access. Location /help works right away without any login. /media can provide external css data. For example if i go to https:/<server>/media/css/seahub.min.css?t=<number> it is accessible without login.

Would it be possible to allow /help and /media only internally in nginx? I have tried internal; which does not work. And allow 127.0.0.1; with deny all;. This stops css styles working.

Anyone know of another way to make the server more secure? I’d like only / to be accessible from outside, and all the other locations to block external access.

The static files are meant to be accessed without login. It does not compromise your security. Anyone can get these files (original ones) by downloading Seafile package from seafile.com. There is no secret to hidden.