I have scanned my site using https://www.magereport.com. I got a "Cacheleak vulnerability? unprotected" issue. I need to know how to fix this issue. I have to define `location ^~ /var/ { return 403; }`; please tell me where I should add this code, and if in .htaccess, how?
Viewed 1,565 times
2

Gopal Bhuva

Amit Sharma
1 Answer
3
Create a .htaccess file with the content below in the var/, var/cache, var/session and var/backups directories of your Magento installation. It will deny any access request made to files.

```apache
Order deny,allow
Deny from all
```

Refer to this article for implementation on an Nginx server:
https://www.acunetix.com/vulnerabilities/web/magento-cacheleak

Nikhil Raj
Isn't it enough to just put it under `var/` ?? – Black Feb 26 '19 at 08:39
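
A static check for the layout the answer describes, as an added example (not code from the question, the answer or Magento): for each directory it reports whether a deny rule sits in its own .htaccess, is inherited from a parent up to var/, or is missing. Assumptions: Apache applies a .htaccess to its subdirectories and `AllowOverride` lets it take effect; the names `verdict`, `audit` and `demo` and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Directories named in the answer, relative to the Magento root.
PROTECTED = ["var", "var/cache", "var/session", "var/backups"]
# Apache 2.2 syntax as in the answer, plus the Apache 2.4 equivalent.
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
ALLOW = re.compile(r"^\s*(allow\s+from\s+all|require\s+all\s+granted)\s*$", re.I | re.M)

def verdict(htaccess):
    """Return 'deny', 'allow' or None (no blanket access rule) for one .htaccess."""
    if not htaccess.is_file():
        return None
    # Drop comment lines so a commented-out rule is not counted.
    text = re.sub(r"^\s*#.*$", "", htaccess.read_text(errors="replace"), flags=re.M)
    if DENY.search(text):
        return "deny"
    return "allow" if ALLOW.search(text) else None

def audit(root):
    """Map each protected directory to 'own', 'inherited', 'exposed' or 'absent'."""
    root = Path(root)
    report = {}
    for rel in PROTECTED:
        d = root / rel
        if not d.is_dir():
            report[rel] = "absent"
            continue
        status = "exposed"
        # Simplified model: walk up to var/, the nearest blanket rule decides.
        for cur in [d, *d.parents]:
            v = verdict(cur / ".htaccess")
            if v == "deny":
                status = "own" if cur == d else "inherited"
            if v is not None or cur == root / "var":
                break
        report[rel] = status
    return report

def demo():
    """Constructed tree: var/ denies, var/session re-allows, var/backups is missing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("var/cache", "var/session"):
            (root / rel).mkdir(parents=True)
        (root / "var/.htaccess").write_text("Order deny,allow\nDeny from all\n")
        (root / "var/session/.htaccess").write_text("Require all granted\n")
        return audit(root)
```

The check only reads files on disk; whether the server honours them still has to be confirmed by requesting a path under /var/ and seeing a 403.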