Is there a way to deny access to dot files (.user.ini, .htaccess) in the current NGINX implementation?
Even though .htaccess is not supported, many legacy installs have such files, and you can download them easily.
My current solution is to set permissions to 640 for the files.