From 8f3de60d850be9dc2a03b361f893b218dad8f114 Mon Sep 17 00:00:00 2001
From: Richie B2B <richard.vandenberg@ncsc.nl>
Date: Tue, 13 Jul 2021 08:12:19 +0200
Subject: [PATCH] Dev Disallow download of composer.json

---
 .htaccess | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.htaccess b/.htaccess
index d3e93b123b7..93686cf61de 100644
--- a/.htaccess
+++ b/.htaccess
@@ -11,6 +11,9 @@
     # deny access to hidden files and directories except .well-known
     RewriteCond %{REQUEST_URI} !^/\.well-known
     RewriteRule ^(.*/)?\.+ - [F]
+
+    # deny access to composer.json that is used for remote fingerprinting
+    RewriteRule ^composer.json - [F]
 </IfModule>
 
 # deny access to hidden files and directories without mod_rewrite