blocks certain paths in Nginx config

NHSLeadership · Mar 5, 2024 · 1bb8cab · 1bb8cab
1 parent 4def633
commit 1bb8cab
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/openresty/rootfs/usr/local/openresty/nginx/conf/site.conf.default b/openresty/rootfs/usr/local/openresty/nginx/conf/site.conf.default
@@ -66,4 +66,28 @@ server {
     	root /usr/local/openresty/nginx/html;
     	internal;
     }
+
+    # Block access to dot files except the .well-known directory
+	location ~* /\.(?!well-known\/) {
+        deny all;
+		return 404;
+    }
+
+	# Unlikely to have these but block access to certain filetypes
+	location ~* (?:\.(?:bak|conf|yaml|yml|cfg|fla|in[ci]|log|psd|sh|sql)|~)$ {
+        deny all;
+		return 404;
+    }
+
+	# Block access to composer files
+	location ~* composer\.(?:json|lock) {
+        deny all;
+		return 404;
+    }
+
+	# Block certain directories
+	location ~ /(vendor|behat|node_modules) {
+        deny all;
+        return 404;
+	}
 }