Deny access to XML and PHTML files in pub/errors
For apache via .htaccess and in nginx sample configuration
schmengler committed Jan 14, 2019
1 parent d7ac52b commit a0566ab
Showing 2 changed files with 9 additions and 1 deletion.
7 changes: 6 additions & 1 deletion nginx.conf.sample
@@ -159,6 +159,11 @@ location /media/downloadable/ {
location /media/import/ {
deny all;
}
location /errors/ {
location ~* \.xml$ {
deny all;
}
}

# PHP entry point for main application
location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {
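
Review bot: the nested `location ~* \.xml$` under `location /errors/` denies only XML, while the commit title and the `FilesMatch` rule in pub/errors/.htaccess cover both XML and PHTML. PHTML files under `/errors/` are then protected only by the separate banned-locations block changed later in this file, so the two halves of one protection sit in different places and can drift apart. Consider `location ~* \.(xml|phtml)$` here for parity with the Apache rule, plus a one-line comment above `location /errors/` saying why these files are denied.
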
@@ -198,6 +203,6 @@ gzip_types
gzip_vary on;

# Banned locations (only reached if the earlier PHP entry point regexes don't match)
location ~* (\.php$|\.htaccess$|\.git) {
location ~* (\.php$|\.phtml$|\.htaccess$|\.git) {
deny all;
}
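
Review bot: adding `\.phtml$` to the banned-locations regex denies every `.phtml` path on the site, not only those in pub/errors as the commit title says, and the comment above the block still speaks only of the PHP entry point regexes. State the wider scope in the commit message or extend that comment to mention templates. As the comment notes, this block is only reached when no earlier regex location matches, so it is worth confirming that no earlier regex location can match a `.phtml` path.
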
3 changes: 3 additions & 0 deletions pub/errors/.htaccess
@@ -1,4 +1,7 @@
Options None
<FilesMatch "\.(xml|phtml)$">
Deny from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine Off
</IfModule>
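
Review bot: `Deny from all` inside the new `<FilesMatch "\.(xml|phtml)$">` block is Apache 2.2 access-control syntax; on Apache 2.4 it is provided only by mod_access_compat, and where that module is not loaded the unrecognised directive makes requests under this directory fail with a 500 instead of applying the rule. Guard it the way the file already guards mod_rewrite: `Require all denied` inside `<IfModule mod_authz_core.c>`, with `Deny from all` kept in an `<IfModule !mod_authz_core.c>` fallback. The pattern is also case-sensitive, unlike the `~*` matches used in nginx.conf.sample, so the two servers do not deny the same set of names.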
