nginx rule to prevent access to sensitive files (#65)

* nginx rule to prevent access to sensitive files * Add a suggested rule that does the same as the suggested rule in .htaccess * Add .git and auth.json to nginx sensitive resources
5 years ago · 0ef4318913
parent 3aeffd15aa
commit 0ef4318913
1 changed files with 7 additions and 0 deletions
--- a/.nginx.conf
+++ b/.nginx.conf
@ -3,6 +3,13 @@ location / {
  try_files $uri $uri/ /index.php?$query_string;
 }

+# Uncomment the following lines if you are not using a `public` directory
+# to prevent sensitive resources from being exposed.
+# location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor) {
+#   deny all;
+#   return 404;
+# }
+
 # The following directives are based on best practices from H5BP Nginx Server Configs
 # https://github.com/h5bp/server-configs-nginx