Add a message rewrite rule, add a few more deny rules and replaces spaces with tabs.

centos/resources/nginx/fusionpbx

@@ -2,6 +2,7 @@
 server {
 	listen 127.0.0.1:80;
 	server_name 127.0.0.1;
+
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
 
@@ -31,11 +32,21 @@ server {
 	location ~^.+.(db)$ {
 			deny all;
 	}
+	location ~ /\.git {
+		deny all;
+	}
+	location ~ /\.lua {
+		deny all;
+	}
+	location ~ /\. {
+		deny all;
+	}
 }
 
 server {
 	listen 80;
 	server_name fusionpbx;
+
 	if ($uri !~* ^.*(provision|xml_cdr).*$) {
 		rewrite ^(.*) https://$host$1 permanent;
 		break;
@@ -47,8 +58,8 @@ server {
 		break;
 	}
 
-        #algo
-        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
+	#algo
+	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
 
 	#mitel
 	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
@@ -123,11 +134,21 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
+	location ~ /\.git {
+		deny all;
+	}
+	location ~ /\.lua {
+		deny all;
+	}
+	location ~ /\. {
+		deny all;
+	}
 }
 
 server {
 	listen 443;
 	server_name fusionpbx;
+
 	ssl                     on;
 	ssl_certificate         /etc/ssl/certs/nginx.crt;
 	ssl_certificate_key     /etc/ssl/private/nginx.key;
@@ -140,8 +161,11 @@ server {
 		break;
 	}
 
-        #algo
-        rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
+	#message media
+	rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
+
+	#algo
+	rewrite "^.*/provision/algom([A-Fa-f0-9]{12})(\.(conf))?$" /app/provision/?mac=$1;
 
 	#mitel
 	rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
@@ -226,4 +250,13 @@ server {
 	location ~^.+.(db)$ {
 		deny all;
 	}
+	location ~ /\.git {
+		deny all;
+	}
+	location ~ /\.lua {
+		deny all;
+	}
+	location ~ /\. {
+		deny all;
+	}
 }