Merge pull request #157 from olehermanse/404

Stopped serving package.json / package-lock.json files
cfengine · Apr 9, 2024 · 8caf081 · 8caf081
2 parents bd0ef71 + cd68660
commit 8caf081
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -10,6 +10,8 @@ COPY . ./
 RUN npm run build
 RUN ./hugo -v
 RUN npm run create-modules-json
+RUN rm ./public/package.json
+RUN rm ./public/package-lock.json
 RUN find public -type f -regex '^.*\.\(svg\|css\|html\|xml\)$' -size +1k -exec gzip -k '{}' \;
 
 FROM nginx:stable-alpine

diff --git a/README.md b/README.md
@@ -45,8 +45,7 @@ Using docker / podman to build and serve is fairly straight forward:
 
 ```
 export GITHUB_USERNAME_TOKEN='place githubName:token here'
-docker build --build-arg GITHUB_USERNAME_TOKEN --tag cfbs-website -f Dockerfile .
-docker run -p 80:80 -p 81:81 --volume /path/to/volume:/home/proxy --name cfbs-website --rm cfbs-website
+docker build --build-arg GITHUB_USERNAME_TOKEN --tag cfengine-build-website -f Dockerfile . && docker run -it -p 80:80 -p 81:81 --volume ./proxy:/home/proxy --name cfengine-build-website --rm cfengine-build-website
 ```
 
 ## CFEngine Build repositories

diff --git a/nginx.conf b/nginx.conf
@@ -44,13 +44,13 @@ http {
         ## Begin - Security
         location ~ ^/(.well-known/security.txt|security.txt) { return 301 https://northern.tech/security.txt; }
         # deny all direct access for these folders
-        location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
+        location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 404; }
         # deny running scripts inside core system folders
-        location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+        location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 404; }
         # deny running scripts inside user folder
-        location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+        location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 404; }
         # deny access to specific files in the root folder
-        location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
+        location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess|package.json|package-lock.json|Dockerfile|Containerfile|Makefile) { return 404; }
         ## End - Security
 
         # Try to keep the file uplodas in the memory:
@@ -96,7 +96,7 @@ http {
             set $block_common_exploits 1;
         }
         if ($block_common_exploits = 1) {
-            return 403;
+            return 404;
         }
         ## Block SQL injections
         set $block_sql_injections 0;
@@ -110,7 +110,7 @@ http {
             set $block_sql_injections 1;
         }
         if ($block_sql_injections = 1) {
-            return 403;
+            return 404;
         }
         ## Block file injections
         set $block_file_injections 0;
@@ -124,7 +124,7 @@ http {
             set $block_file_injections 1;
         }
         if ($block_file_injections = 1) {
-            return 403;
+            return 404;
         }
         ## Block spam
         set $block_spam 0;
@@ -141,7 +141,7 @@ http {
             set $block_spam 1;
         }
         if ($block_spam = 1) {
-            return 403;
+            return 404;
         }
         ## Common bandwidth hoggers and hacking tools.
         set $block_user_agents 0;
@@ -170,7 +170,7 @@ http {
             set $block_user_agents 1;
         }
         if ($block_user_agents = 1) {
-            return 403;
+            return 404;
         }
     }