From f837b3133d970f8e3331b35ceda4695eb32d99fe Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Sat, 6 Apr 2024 19:51:34 +0200
Subject: [PATCH] deny vendor, composer.json, changelog.md etc. in nginx config
 sample

---
 nginx-sample.conf | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/nginx-sample.conf b/nginx-sample.conf
index e601abcb..fb3967b5 100644
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -13,9 +13,16 @@ server {
 		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	location /vendor {
 		deny all;
+		return 404;
+	}
+
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
+		deny all;
+		return 404;
 	}
 
 	# block git files and folders