diff --git a/.htaccess b/.htaccess index 52fe1ab44..feb06d7c1 100644 --- a/.htaccess +++ b/.htaccess @@ -12,13 +12,13 @@ RewriteEngine On # Prevent Direct Access to Protected Files - + Order deny,allow Deny from all # Prevent Direct Access To Protected Folders - RewriteRule ^(app|bootstrap|config|database|resources|routes|storage|tests)/(.*) / [L,R=301] + RewriteRule ^(app|bootstrap|config|database|overrides|resources|routes|storage|tests)/(.*) / [L,R=301] # Prevent Direct Access To modules/vendor Folders Except Assets RewriteRule ^(modules|vendor)/(.*)\.((?!ico|gif|jpg|jpeg|png|js|css|less|sass|font|woff|woff2|eot|ttf|svg).)*$ / [L,R=301] diff --git a/nginx.example.com.conf b/nginx.example.com.conf index ac0b7c59d..fcea95fb9 100644 --- a/nginx.example.com.conf +++ b/nginx.example.com.conf @@ -1,14 +1,14 @@ server { listen 80 default_server; listen 443 ssl http2; - + ssl_certificate /ssl/crt/file.crt; ssl_certificate_key /ssl/key/file.key; - + server_name example.com; root /var/www/example.com/public_html; - + add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; @@ -22,20 +22,20 @@ server { } # Prevent Direct Access To Protected Files - location ~ \.(env|log) { + location ~ \.(env|json|log) { deny all; } # Prevent Direct Access To Protected Folders - location ~ ^/(^app$|bootstrap|config|database|resources|routes|storage|tests|artisan) { + location ~ ^/(^app$|bootstrap|config|database|overrides|resources|routes|storage|tests|artisan) { deny all; } - + # Prevent Direct Access To modules/vendor Folders Except Assets location ~ ^/(modules|vendor)\/(.*)\.((?!ico|gif|jpg|jpeg|png|js|css|less|sass|font|woff|woff2|eot|ttf|svg).)*$ { deny all; } - + error_page 404 /index.php; # Pass PHP Scripts To FastCGI Server @@ -50,4 +50,4 @@ server { location ~ /\.(?!well-known).* { deny all; } -} \ No newline at end of file +}