I'm using Apache2 2.4.46 as a reverse proxy in front of a docker container (Reverse proxy itself is not inside container). The container comes with a WordPress installation. When I check the configuration with wpscan it shows me that there are some files presented that better should be hidden, like readme.txt or xmlrpc.php.
I try to hide them via directive:
<Files "readme.txt">
Require all denied
</Files>
But that does not work. I have also tried the old version:
<Files "readme.txt">
Order deny,allow
Deny from all
</Files>
I want to secure them globally for this instance. So I tried to set it outside of a directive and also inside <Proxy "*">... directive.
All failed. Any ideas what to do? Or what could be wrong?
Regards olaf
You should instruct proxypass to ignore urls using the "!" notation.
ProxyPass /public/forms/ !
Official documentation here: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.