feat: Mitigate CVE-2023-49103 with protect sensitive files feature

EsadCetiner · Dec 4, 2023 · 009601c · 009601c
1 parent 6e337fc
commit 009601c
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/snippets/protect-sensitive-files.conf b/snippets/protect-sensitive-files.conf
@@ -9,5 +9,11 @@
 # Most of the file extensions here is borrowed from OWASP ModSecurity Core Rule Set
 location ~* \.(?:asa|asax|backup|bak|bat|cdx|cer|cfg|cmd|conf|config|cs|csproj|csr|dat|db|dbf|dll|dos|env|git|htr|htw|ini|key|licx|lnk|log|mdb|old|pass|pdb|pol|printer|pwd|rdb|resources|resex|sql|swp|sys|vb|vbs|vbproj|vsdisco|webinfo|xsd|xsx)$ { deny all; }
 
-# Block known sensitive files
-location ~* (?:config\.(?:old\.)?(?:php|json)|config\.inc\.php|config\.sample\.php|\.ht(?:access|passwd|digest)) { deny all; }
+# Block access to configuration files
+location ~* (?:config\.(?:old\.)?(?:php|json)|config\.inc\.php|config\.sample\.php) { deny all; }
+
+# Block htaccess
+location ~* \.ht(?:access|passwd|digest) { deny all; }
+
+# Owncloud CVE-2023-49103 https://nvd.nist.gov/vuln/detail/CVE-2023-49103
+location ~* getphpinfo\.php { deny all; }