apache: block access to .git* and .env* files
continuous-integration/drone/push Build was killed Details

This commit is contained in:
Brice Waegeneire 2021-12-28 16:11:20 +01:00
parent 1893b6dea5
commit 4c6d30a52c
1 changed files with 13 additions and 5 deletions

View File

@ -48,15 +48,23 @@ MaxKeepAliveRequests 10
Deny from env=GoAway
</Directory>
<DirectoryMatch "/\.git">
# We don't want to let the client know a file exist on the server,
# so we return 404 "Not found" instead of 403 "Forbidden".
Redirect 404
</DirectoryMatch>
<Files ~ "\.(inc|bak)$">
Require all denied
</Files>
# File names starting with
<FilesMatch "^\.(git|env)">
Redirect 404
</FilesMatch>
# File names ending with
<FilesMatch "\.(inc|bak)$">
Redirect 404
</FilesMatch>
<LocationMatch "^/evolinux_fpm_status-.*">
Require all denied
</LocationMatch>
# Block http request on /.git
RedirectMatch 404 /\.git