
I have created a small web application with NodeJS Express. Basically a webserver that has a 'webserver.properties' file. With a very basic app.yaml file.

After deploying it to Google Cloud by use of 'gcloud app deploy' I get everything up and running.

However...when I open the following URL in the browser: https://webserverurl.com/webserver.properties , the webserver.properties file can be approached and is in turn downloaded immediately.

How can I prevent this from happening and make sure that such properties files are inaccessible from outside?

vv01
  • How do you serve static files? – Molda Feb 15 '18 at 10:26
  • @Molda thanks for your response. I am kind of new to google cloud. Where can I check how my files are hosted/served? – vv01 Feb 19 '18 at 13:48
  • Well, in express you usually do something like `app.use(serve.static('public'))` which will serve all files in `./public` folder. What I think you are doing is `app.use(serve.static())` which basically serves every file in your app folder including webserver.properties file. – Molda Feb 19 '18 at 16:19
  • Hi. Are you using https://github.com/expressjs/serve-static#serve-all-files-as-downloads ? Please confirm – Victor M Perez Feb 23 '18 at 14:47
  • This is what I use: `app.use('/', express.static(__dirname + '/')); app.use(bodyParser.urlencoded({ extended: false })); app.use(bodyParser.json());` – vv01 Feb 24 '18 at 15:09
  • This line is giving access to all files in the current directory `app.use('/', express.static(__dirname + '/'));`. I have tested it and I have the same problem. Look at this answer https://stackoverflow.com/a/18905975/9015852 – Victor M Perez Feb 26 '18 at 16:42

1 Answer


The problem is that when you use this line:

app.use('/', express.static(__dirname + '/')); 

you are giving access to your root directory. See this for a definition of __dirname. If you want to give access to a specific folder you can do this:

Let's say your root directory is src and you have a dir with static files called src/myfiles. In order to give access to files in myfiles you can use this line:

app.use('/mypathname', express.static('myfiles'));

where:

  1. '/mypathname' is the part pertaining to your URL. In your case it would be https://webserverurl.com/mypathname/any-file-name.jpg

  2. express.static('myfiles') is the name of your local dir.

See this guide.

Hope this helps

Victor M Perez
  • Thanks for your response. All my files are hosted in the root directory. Also the server.js file. So the webserver.properties file as well as the server.js file (which is pretty much the entire webserver application). How can I make sure that the webserver.properties in this case is inaccessible from outside? – vv01 Mar 07 '18 at 15:05
  • Please try to move the files you want to serve to another folder like I explain above so that no important files will be exposed to the public – Victor M Perez Mar 07 '18 at 15:24