Open lavita-it opened 5 years ago
This should achieve that for nginx
```nginx
# Deny all attempts to access hidden files/folders such as .git, .htaccess, .htpasswd, .DS_Store (Mac), etc...
location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}

# Deny yaml, twig, markdown, ini file access
location ~* /.+\.(markdown|md|twig|yaml|yml|ini)$ {
    deny all;
    access_log off;
    log_not_found off;
}

# Deny all grunt, package files
location ~* (Gruntfile|package)\.(js|json|jsonc)$ {
    deny all;
    access_log off;
    log_not_found off;
}

# Deny all composer files
location ~* composer\. {
    deny all;
    access_log off;
    log_not_found off;
}
```
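An added check, not part of the comment above or of the project: this Python sketch runs the four location regexes from that comment over constructed request paths, to show which deny block would handle each one and where the rules block too much or too little. It approximates nginx by percent-decoding the path and dropping the query string; the function names and sample paths are assumptions made for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# The four regex locations from the comment, in config order.
# nginx picks the first regex location that matches; "~*" means case-insensitive.
DENY_LOCATIONS = [
    ("hidden", re.compile(r"/\.")),
    ("template", re.compile(r"/.+\.(markdown|md|twig|yaml|yml|ini)$", re.I)),
    ("build", re.compile(r"(Gruntfile|package)\.(js|json|jsonc)$", re.I)),
    ("composer", re.compile(r"composer\.", re.I)),
]

# Constructed request targets (hypothetical, not taken from the issue).
SAMPLES = [
    "/.git/config",                       # the exposure the issue reports
    "/%2Egit/HEAD",                       # percent-encoded dot, decoded before matching
    "/composer.json",
    "/COMPOSER.LOCK?v=1",                 # case and query string do not matter
    "/package.json",
    "/user/config/site.yaml",
    "/index.php",                         # must stay reachable
    "/.well-known/acme-challenge/token",  # caught by the hidden-file rule as well
    "/blog/composer.html",                # "composer\." is unanchored
    "/package-lock.json",                 # not covered by the build rule
    "/user/config/site.yaml.bak",         # backup suffix defeats the "$" anchor
]


def matched_location(request_target):
    """Name of the deny block that would handle the request, or None if none matches."""
    # Simplification: nginx also collapses "//" and resolves "." and ".." segments.
    path = unquote(urlsplit(request_target).path)
    for name, pattern in DENY_LOCATIONS:
        if pattern.search(path):
            return name
    return None


def audit(targets=SAMPLES):
    """Map each request target to the deny block that matches it (None = served)."""
    return {target: matched_location(target) for target in targets}


if __name__ == "__main__":
    for target, block in audit().items():
        print(f"{'DENY  ' + block if block else 'ALLOW':<16}{target}")
```

The last four samples are the ones to review before deploying: the first two are denied although they may be legitimate content, the other two are served although they belong to the same families of files.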
Thank you so much! It worked 😀
What type of report is this:
Description:
When deploying as described a lot of config files would be public (composer.lock, composer.custom, composer.json, .git etc.). I think we would need an additional apache configuration file to deny access to those files.
If a bug:
Steps to reproduce:
Log errors:
No errors