I think that all the prestashop (and thirtybees?) nginx configuration I saw publicized are exposing tpl files.
Please test is your thirtybees installation is doing with this link (change the domain and theme dir)
https://domain.com/themes/themedir/404.tpl
If the .tpl file get downloaded your template files are exposed.
to block this behavior add this o your vhost nginx configuration file:
location ~* \.tpl$ {
deny all;
}
the only post I saw that talk about blocking tpl and others file types inside tb and ps installation is this:
https://www.prestashop.com/forums/topic/351975-using-nginx-with-ps-16-what-to-pay-attention-to/#comment-1775268
Question
Beeta
I think that all the prestashop (and thirtybees?) nginx configuration I saw publicized are exposing tpl files.
Please test is your thirtybees installation is doing with this link (change the domain and theme dir)
https://domain.com/themes/themedir/404.tpl
If the .tpl file get downloaded your template files are exposed.
to block this behavior add this o your vhost nginx configuration file:
location ~* \.tpl$ { deny all; }the only post I saw that talk about blocking tpl and others file types inside tb and ps installation is this: https://www.prestashop.com/forums/topic/351975-using-nginx-with-ps-16-what-to-pay-attention-to/#comment-1775268
Link to comment
Share on other sites
1 answer to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now