Nginx docs for denying composer file access (fixes #8011)

2024-06-30 16:39:38 +02:00 · 2013-02-15 19:21:35 +01:00 · 2013-02-15 19:21:35 +01:00 · 5d3ed12e20
commit 5d3ed12e20
parent 9337902fdd
1 changed files with 5 additions and 0 deletions
--- a/docs/en/installation/nginx.md
+++ b/docs/en/installation/nginx.md
@ -62,6 +62,11 @@ Here is the include file `htaccess`:
 	location ~ ^/silverstripe-cache {
 		deny all;
 	}
+
+	# Deny access to composer
+	location ~ ^/(vendor|composer.json|composer.lock) {
+		deny all;
+	}
 	
 	# Don't execute scripts in the assets
 	location ^~ /assets/ {