Skip to content

Hide markdown, composer, npm and web.config files everywhere#86

Merged
csandanov merged 2 commits intowodby:masterfrom
elaman:master
Jul 24, 2023
Merged

Hide markdown, composer, npm and web.config files everywhere#86
csandanov merged 2 commits intowodby:masterfrom
elaman:master

Conversation

@elaman
Copy link
Contributor

@elaman elaman commented Jul 18, 2023
edited
Loading

Motivation

Current NGINX_DRUPAL_NOT_FOUND_REGEX default value hides composer and npm files. However only when they are in the base path. But http://example.com/core/composer.json or http://example.com/core/package.json aren't hidden.

The other things that needs hiding are markdown (http://example.com/README.md) and web.config files (http://example.com/web.config, core/assets/scaffold/files/web.config).

The issue was found while running automated a security audit service.

Solution

Modify regex to hide markdown, composer, npm and web.config files no matter where they are.

elaman added 2 commits July 18, 2023 19:09
@elaman
Alter regex to catch:
6e7b8e1 
- All MD files
- web.config file
- Composer and npm packages no matter the depth
@elaman
web.config can be located not only in root
f7b1ca1
@csandanov csandanov merged commit 389ceb5 into wodby:master Jul 24, 2023
@janmashat janmashat mentioned this pull request May 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@elaman @csandanov

Comments