From 0b43bb90c46637c37440bb07ed48ad08df21e2fd Mon Sep 17 00:00:00 2001
From: Dale Davies <dale@daledavies.co.uk>
Date: Wed, 6 Jul 2022 09:08:09 +0100
Subject: [PATCH] Add extra deny rules to nginx.conf

---
 docker/nginx.conf | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/docker/nginx.conf b/docker/nginx.conf
index 4adeb02..c0eb260 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -73,6 +73,30 @@ http {
             deny all;
         }
 
+        # Deny yaml, twig, markdown, ini file access.
+        location ~* /.+\.(markdown|md|twig|yaml|yml|ini)$ {
+            deny all;
+            log_not_found off;
+        }
+
+        # Deny all grunt, package files.
+        location ~* (Gruntfile|package)\.(js|json|jsonc)$ {
+            deny all;
+            log_not_found off;
+        }
+
+        # Deny all composer files.
+        location ~* composer\. {
+            deny all;
+            log_not_found off;
+        }
+
+        # Deny vendor directory.
+        location ^~ /vendor/ {
+            deny all;
+            log_not_found off;
+        }
+
         # Allow fpm ping from localhost, useful for docker HEALTHCHECK.
         location ~ ^/(fpm-ping)$ {
             access_log off;