Use regex from .nginx.conf and comment out rule

Uses the more common regex which reduces the number of rules and also commented out for consistency with nginx and apache
2020-07-28 16:40:23 -04:00 · 2020-07-28 16:40:23 -04:00 · d3bb8409b7
parent 6cf27444b5
commit d3bb8409b7
1 changed files with 6 additions and 26 deletions
--- a/public/web.config
+++ b/public/web.config
@ -9,34 +9,14 @@
        </defaultDocument>
        <rewrite>
            <rules>
-                <rule name="Disallow .git" stopProcessing="true">
-                    <match url="/\.git" ignoreCase="false" />
-                    <action type="CustomResponse" url="/" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
-                </rule>
-                <rule name="Disallow auth.json" stopProcessing="true">
-                    <match url="^auth\.json$" ignoreCase="false" />
-                    <action type="CustomResponse" url="/" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
-                </rule>
-                <rule name="Disallow composer.lock and json" stopProcessing="true">
-                    <match url="^composer\.(lock|json)$" ignoreCase="false" />
-                    <action type="CustomResponse" url="/" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
-                </rule>
-                <rule name="Disallow config.php" stopProcessing="true">
-                    <match url="^config.php$" ignoreCase="false" />
-                    <action type="CustomResponse" url="/" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
-                </rule>
-                <rule name="Imported Rule" stopProcessing="true">
-                    <match url="^flarum$" ignoreCase="false" />
-                    <action type="CustomResponse" url="/" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
-                </rule>
-                <rule name="Disallow storage directory" stopProcessing="true">
-                    <match url="^storage/(.*)?$" ignoreCase="false" />
-                    <action type="CustomResponse" url="/" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
-                </rule>
-                <rule name="Disallow vendor directory" stopProcessing="true">
-                    <match url="^vendor/(.*)?$" ignoreCase="false" />
+                <!-- Uncomment the rule below if you are not using the `public` directory to
+                prevent sensitve resources from being exposed -->
+                <!--
+                <rule name="Disallow sensitive directories" stopProcessing="true">
+                    <match url="^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor)" ignoreCase="false" />
                    <action type="CustomResponse" url="/" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
                </rule>
+                -->
                <rule name="Handle index.php re-write" stopProcessing="true">
                    <match url="^" ignoreCase="false" />
                    <conditions logicalGrouping="MatchAll">