chore: check if the directory is known by lagoon nginx when it's part…

… of the repo
AmazeeLabs · Oct 18, 2023 · 0f47627 · 0f47627
1 parent ecdbfcd
commit 0f47627
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/apps/cms/.gitignore b/apps/cms/.gitignore
@@ -30,4 +30,4 @@ generated/operations.json
 generated/translations.json
 
 # OAuth2
-/keys
+#/keys
diff --git a/apps/cms/keys/.htaccess b/apps/cms/keys/.htaccess
@@ -0,0 +1,27 @@
+# Deny all requests from Apache 2.4+.
+<IfModule mod_authz_core.c>
+  Require all denied
+</IfModule>
+
+# Deny all requests from Apache 2.0-2.2.
+<IfModule !mod_authz_core.c>
+  Deny from all
+</IfModule>
+
+# Turn off all options we don't need.
+Options -Indexes -ExecCGI -Includes -MultiViews
+
+# Set the catch-all handler to prevent scripts from being executed.
+SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
+<Files *>
+  # Override the handler again if we're run later in the evaluation list.
+  SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
+</Files>
+
+# If we know how to do it safely, disable the PHP engine entirely.
+<IfModule mod_php7.c>
+  php_flag engine off
+</IfModule>
+<IfModule mod_php.c>
+  php_flag engine off
+</IfModule>
diff --git a/apps/cms/keys/web.config b/apps/cms/keys/web.config
@@ -0,0 +1,7 @@
+<configuration>
+  <system.webServer>
+    <authorization>
+      <deny users="*">
+    </authorization>
+  </system.webServer>
+</configuration>
-Original file line number
+Diff line change
@@ Expand Up / @@ -30,4 +30,4 @@ generated/operations.json @@
     generated/translations.json
     # OAuth2
-    /keys
+    #/keys