How to deny access to pagekit.db using nginx

  • Hi,


    I just read a blog post, it's not a new one, but wanted to check if the problem/security issue mentioned here is already fixed...


    SitePoint article (2016):

    Security


    Curiously, Pagekit goes against best practices and puts the entry point to the app (index.php) into the root folder instead of a public subfolder. On Nginx (and on Apache which doesn’t read local .htaccess files) this has severe security implications, as it allows anyone to access critical files (like pagekit.db – the site’s entire database) through the URL bar, by just typing in mypagekit.com/pagekit.db.

    To get around this, we need to modify the server script further with a rather primitive line of code taken almost verbatim from their .htaccess file. Add the following just above location ~ \.php$ {:

  • SPQRInc

    Changed the title of the thread from “Question regarding security issue” to “How to deny access to pagekit.db using nginx”.
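
An added example, not part of the thread and not the line from the quoted article (which is not reproduced above): one way to block direct requests for `pagekit.db` in an nginx server block when the document root is the Pagekit install folder. The root path, the PHP-FPM socket and the set of denied extensions are assumptions; `mypagekit.com` is the host name used in the quoted article.

```nginx
server {
    listen 80;
    server_name mypagekit.com;
    root /var/www/pagekit;      # assumed install path; index.php and pagekit.db both live here
    index index.php;

    # Without this block, a request for /pagekit.db falls through to "location /"
    # below, try_files finds the file under $uri, and nginx serves it as a static
    # download. Regex locations take priority over the "/" prefix location, so
    # this rule is evaluated first and the request is refused.
    location ~* \.(db|sqlite|sqlite3)$ {
        deny all;
    }

    # Hidden files (.htaccess, .git, ...) are not meant to be served either.
    location ~ /\. {
        deny all;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}
```

After `nginx -t` and a reload, `curl -I http://mypagekit.com/pagekit.db` should answer `403 Forbidden` instead of returning the file.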