Nginx alias traversal

Our arcbweb nginx configuration is vulnerable to nginx alias traversal. I haven't been able to travel multiple levels, presumably due to merge_slashes: on;.

BlackHat presentation: https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf

Examples:

• https://archlinux.org/iso../iso/2021.03.01/archlinux-2021.03.01-x86_64.iso
• https://archlinux.org/pacman../netcfg/