Skip to content
This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Allow to deny some locations #150

Closed
bugchecker opened this issue Nov 23, 2019 · 1 comment
Closed

Allow to deny some locations #150

bugchecker opened this issue Nov 23, 2019 · 1 comment

Comments

@bugchecker
Copy link

bugchecker commented Nov 23, 2019
edited
Loading

When I tried to use {"root": "."} I've got public access to some files (bin/, config/, logs/, static.json). So maybe do one of below actions:

  1. Allow to deny some locations in static.json.
  2. Allow routes' $path be tried before $uri:

    heroku-buildpack-static/scripts/config/templates/nginx.conf.erb

    Lines 91 to 95 in b613e77

    <% if clean_urls %>
    try_files $uri.html $uri $uri/ $path $fallback;
    <% else %>
    try_files $uri $path $fallback;
    <% end %>
  3. Automatically detect {"root": "."} and deny dangerous prefixes (be attention with /non-blocked-location/../static.json)
@bugchecker bugchecker changed the title Allow to deny some location Allow to deny some locations Nov 23, 2019
@edmorley
Copy link
Member

edmorley commented Jun 9, 2022

Hi

This buildpack is now deprecated and we are recommending people move the more actively maintained heroku-buildpack-nginx. For migration advice see here.

As such, I'm closing this issue out since we won't be making further changes to this buildpack.

@edmorley edmorley closed this as not planned Won't fix, can't repro, duplicate, stale Jun 9, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@edmorley @bugchecker