From 4e901b6021a0f9dc789af0a504b048b2bde68c1c Mon Sep 17 00:00:00 2001
From: Eric Smith <ericsmith@catalyst.net.nz>
Date: Thu, 30 Nov 2023 14:48:29 +1300
Subject: [PATCH] Deny access to example.nginx config

---
 .htaccess     | 2 +-
 example.nginx | 2 +-
 web.config    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.htaccess b/.htaccess
index 4031da475cfb..d40efd6262dd 100644
--- a/.htaccess
+++ b/.htaccess
@@ -3,7 +3,7 @@
 #
 
 # Protect files and directories from prying eyes.
-<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
+<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json|example\.nginx)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
   <IfModule mod_authz_core.c>
     Require all denied
   </IfModule>
diff --git a/example.nginx b/example.nginx
index 3e6aca08dd39..c80cc5eb0497 100644
--- a/example.nginx
+++ b/example.nginx
@@ -59,7 +59,7 @@ server {
     }
 
     # Protect files and directories from prying eyes.
-    location ~ \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|\/(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json)$|\/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+    location ~ \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|\/(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package\.json|example\.nginx)$|\/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
         deny all;
         return 404;
     }
diff --git a/web.config b/web.config
index b769e45e3699..807ec57d9cf3 100644
--- a/web.config
+++ b/web.config
@@ -22,7 +22,7 @@
     <rewrite>
       <rules>
         <rule name="Protect files and directories from prying eyes" stopProcessing="true">
-          <match url="\.(engine|inc|install|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format|composer\.(json|lock)|\.htaccess|yarn.lock|package.json)$" />
+          <match url="\.(engine|inc|install|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format|composer\.(json|lock)|\.htaccess|yarn.lock|package.json|example\.nginx)$" />
           <action type="CustomResponse" statusCode="403" subStatusCode="0" statusReason="Forbidden" statusDescription="Access is forbidden." />
         </rule>
 
-- 
GitLab