TheDMSGroup / mautic-eb

Mautic + Elastic Beanstalk = Scalable marketing automation
https://www.mautic.org
GNU General Public License v3.0

Add configuration to deny access to composer files, .git etc. #99

Open lavita-it opened 5 years ago

lavita-it commented 5 years ago

What type of report is this:

| Q | A |
|---|---|
| Bug report? | |
| Feature request? | |
| Enhancement? | Y |

Description:

When deploying as described, a lot of config files would be public (composer.lock, composer.custom, composer.json, .git, etc.). I think we would need an additional Apache configuration file to deny access to those files.

If a bug:

| Q | A |
|---|---|
| Mautic version | 2.15.0 |
| PHP version | 7.2 |

Steps to reproduce:

  1. Deploy to Elastic Beanstalk
  2. Access http://your-domain.com/.git/config or /composer.json etc.

Log errors:

No errors

virgilwashere commented 4 years ago

This should achieve that for nginx

nginx deny location blocks

    # Deny all attempts to access hidden files/folders such as .git, .htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny yaml, twig, markdown, ini file access
    location ~* /.+\.(markdown|md|twig|yaml|yml|ini)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all grunt, package files
    location ~* (Gruntfile|package)\.(js|json|jsonc)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all composer files
    location ~* composer\. {
        deny all;
        access_log off;
        log_not_found off;
    }
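
As an added check (not part of this thread or the mautic-eb project), the script below replays the four regex `location` blocks above against a set of constructed request paths, the way nginx would evaluate them: the URI is normalized first (query string dropped, percent-decoded, `..` segments collapsed), then the regex locations are tried in file order and the first match wins. It also shows one caveat the blocks introduce: `location ~ /\.` denies `/.well-known/` too, which breaks ACME HTTP-01 challenges; the `allow_well_known` flag models an assumed `location ^~ /.well-known/` prefix block placed before the regex blocks, which nginx gives priority over regex locations. The `normalize` approximation and the sample URIs are constructed for this example.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# The four regex location blocks from the nginx snippet above, in file order.
# "~" is a case-sensitive regex location, "~*" case-insensitive; nginx tests
# regex locations in the order they appear and the first match wins.
DENY_LOCATIONS = [
    ("hidden files/folders", r"/\.", 0),
    ("yaml/twig/markdown/ini", r"/.+\.(markdown|md|twig|yaml|yml|ini)$", re.IGNORECASE),
    ("grunt/package files", r"(Gruntfile|package)\.(js|json|jsonc)$", re.IGNORECASE),
    ("composer files", r"composer\.", re.IGNORECASE),
]
COMPILED = [(name, re.compile(pattern, flags)) for name, pattern, flags in DENY_LOCATIONS]

# Assumption, not on the page: a `location ^~ /.well-known/ { ... }` prefix block
# placed ahead of the regex blocks. nginx gives a matching ^~ prefix location
# priority over all regex locations, so ACME HTTP-01 challenges stay reachable.
WELL_KNOWN_PREFIX = "/.well-known/"


def normalize(raw_uri: str) -> str:
    """Approximate the URI nginx matches against: drop the query string,
    percent-decode, and collapse "." and ".." segments."""
    path = unquote(raw_uri.split("?", 1)[0])
    norm = normpath(path)
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"  # normpath strips trailing slashes; nginx keeps them
    return norm


def matching_rule(raw_uri: str, allow_well_known: bool = False):
    """Return the name of the deny block a request would hit, or None if
    no regex location matches (the request falls through to the app)."""
    path = normalize(raw_uri)
    if allow_well_known and path.startswith(WELL_KNOWN_PREFIX):
        return None
    for name, regex in COMPILED:
        if regex.search(path):  # regex locations are unanchored, like nginx
            return name
    return None


def audit(uris, allow_well_known=False):
    """Map each request URI to the rule that denies it (or None)."""
    return {uri: matching_rule(uri, allow_well_known) for uri in uris}


if __name__ == "__main__":
    # Constructed sample requests; the first three are the paths from the issue.
    SAMPLE_URIS = [
        "/.git/config",
        "/composer.json",
        "/composer.custom",
        "/media/../.git/HEAD",            # dot segments collapse before matching
        "/COMPOSER.LOCK?download=1",      # ~* is case-insensitive; query ignored
        "/README.md",
        "/app/config/parameters.yml",
        "/assets/package.json",
        "/index.php",                     # normal app entry point stays reachable
        "/.well-known/acme-challenge/tok",
    ]
    for uri, rule in audit(SAMPLE_URIS).items():
        print(f"{uri:36} -> {rule or 'allowed'}")
    print("with ^~ /.well-known/ exception:",
          matching_rule("/.well-known/acme-challenge/tok", allow_well_known=True))
```

Running it lists which block catches each path; the last line shows that the `.well-known` request is only served once the prefix exception is in place, so anyone relying on Let's Encrypt HTTP-01 on the same vhost should add that block before the regex locations.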

rinaldipratama commented 2 years ago

Thank you so much! It worked 😀