deny vendor, composer.json, changelog.md etc. in nginx config sample

2025-04-26 09:19:22 +02:00 · 2024-04-06 19:51:34 +02:00 · 2024-04-06 19:51:34 +02:00 · 8b0b123f42
commit 8b0b123f42
parent f98332c698
1 changed files with 9 additions and 2 deletions
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@ -13,9 +13,16 @@ server {
 		return 404;
 	}

-	# block .htaccess
-	location ~ /\.ht {
+	location /vendor {
 		deny all;
+		return 404;
+	}
+
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
+		deny all;
+		return 404;
 	}

 	# block git files and folders