apache: block access to .git* and .env* files
Some checks reported errors
continuous-integration/drone/push Build was killed

This commit is contained in:
Brice Waegeneire 2021-12-28 16:11:20 +01:00
parent 1893b6dea5
commit 4c6d30a52c

View file

@ -48,15 +48,23 @@ MaxKeepAliveRequests 10
Deny from env=GoAway
<DirectoryMatch "/\.git">
# We don't want to let the client know a file exist on the server,
# so we return 404 "Not found" instead of 403 "Forbidden".
Redirect 404
<Files ~ "\.(inc|bak)$">
Require all denied
# File names starting with
<FilesMatch "^\.(git|env)">
Redirect 404
# File names ending with
<FilesMatch "\.(inc|bak)$">
Redirect 404
<LocationMatch "^/evolinux_fpm_status-.*">
Require all denied
# Block http request on /.git
RedirectMatch 404 /\.git