Skip to content
This repository was archived by the owner on Jul 6, 2023. It is now read-only.

Correct regular expression #584

Merged
alessfg merged 1 commit into from
Oct 1, 2021
Merged

Correct regular expression #584

alessfg merged 1 commit into from
Oct 1, 2021

Conversation

@doublecompile
Copy link
Contributor

@doublecompile doublecompile commented Oct 1, 2021

This commit should resolve #568. I've taken the regular expression directly from https://github.com/drupal/drupal/blob/038cb48a4a640fd4913e0b6284f60f6fe82fc9cf/.htaccess#L6
@alessfg alessfg merged commit dbb6032 into nginxinc:master Oct 1, 2021
@alessfg
Copy link
Collaborator

alessfg commented Oct 1, 2021

Thank you!
@codebymikey
Copy link
Contributor

codebymikey commented Oct 13, 2021

I think this change most likely introduces a regression as the original htaccess rules aren't compatible with Nginx's location block, particularly the use of ^.

Which is what my original commit from #532 aimed to acheive.

@nielstholenaar I'm not particularly sure what #567 aimed to fix as the rules before that commit should be capable of blocking access to /web.config, /composer.json, /composer.lock just fine from doing some tests. If you could provide specific examples of URL paths which are failing to match, then that might be a lot more helpful.
@nielstholenaar
Copy link
Contributor

nielstholenaar commented Oct 14, 2021

Hi @codebymikey,
We had issues with those file being able to be viewed and not be blocked by using the old regex.
I cannot remember the specific site, so sadly I cannot post any URL paths. But it looked like the regex was invalid because it was solved by changing it.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

4 participants

@doublecompile @alessfg @codebymikey @nielstholenaar