diff --git a/Nginx/Server Blocks/edu.libraryofcode.org.conf b/Nginx/Server Blocks/edu.libraryofcode.org.conf
index 73d9162..3f335b7 100644
--- a/Nginx/Server Blocks/edu.libraryofcode.org.conf
+++ b/Nginx/Server Blocks/edu.libraryofcode.org.conf
@@ -10,6 +10,8 @@ server {
 index index.html index.htm index.php;
+ error_page 404 /error/index.php; error_page 403 =404 /error/index.php;
+
 location ~ [^/]\.php(/|$) {
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 fastcgi_index index.php;
@@ -17,5 +19,24 @@ server {
 include fastcgi_params;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+
+ location /dataroot/ {
+ internal;
+ alias /opt/moodledata/; # ensure the path ends with /
+ }
+
+ # Hide all dot files but allow "Well-Known URIs" as per RFC 5785
+ location ~ /\.(?!well-known).* {
+ return 404;
+ }
+
+ # This should be after the php fpm rule and very close to the last nginx ruleset.
+ # Don't allow direct access to various internal files. See MDL-69333
+ location ~ (/vendor/|/node_modules/|composer\.json|/readme|/README|readme\.txt|/upgrade\.txt|db/install\.xml|/fixtures/|/behat/|phpunit\.xml|\.lock|environment\.xml) {
+ deny all;
+ return 404;
 }
 }
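Review bot: The added `error_page` directives in the first hunk carry no comment, although `error_page 403 =404 /error/index.php;` changes what clients see: every 403 raised in this server block is answered as a 404. In this collapsed view both directives appear to share one added line; placing each on its own line under a comment such as `# Route 404s to Moodle's error page; answer 403 as 404 so forbidden paths look the same as missing ones` would make the intent reviewable. If masking 403 is not intended, the `=404` should be dropped.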
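Review bot: The two new regex locations in the second hunk sit after `location ~ [^/]\.php(/|$)`, and nginx uses the first regex location that matches in file order, so a URI ending in `.php` under `/vendor/`, `/behat/`, `/fixtures/` or a dot directory is still handed to the PHP location and only non-PHP files receive the 404. The existing comment asks for this order, so if it is intended the limit should be stated, e.g. `# Covers non-PHP files only: .php URIs match the PHP location above first`. In the last block `deny all;` never takes effect, because `return 404;` runs in the rewrite phase before access checks; `return 404;` alone gives the same result. `proxy_read_timeout 300;` has no effect in a location that appears to be served through FastCGI and can be removed. The PHP location opens in the first hunk and its `fastcgi_pass` line is outside both hunks.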