deny vendor, composer.json, changelog.md etc. in nginx config sample

slawkens · Apr 6, 2024 · f837b31 · f837b31
1 parent 9106f1e
commit f837b31
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/nginx-sample.conf b/nginx-sample.conf
@@ -13,9 +13,16 @@ server {
 		return 404;
 	}
 
-	# block .htaccess
-	location ~ /\.ht {
+	location /vendor {
 		deny all;
+		return 404;
+	}
+
+	# block .htaccess, CHANGELOG.md, composer.json etc.
+	# this is to prevent finding software versions
+	location ~\.(ht|md|json|dist)$ {
+		deny all;
+		return 404;
 	}
 
 	# block git files and folders