Aliyun's Cloud Shield system reports a system vulnerability, prompting: System configuration leaks, the path is: 80/.git/config, open with the browser, a text file is downloaded, the contents are as follows (modified):
[Core]
repositoryformatversion = 0
FileMode = True
Bare = False
Logallrefupdates = True
[remote "origin"]
url = xxxxx
Fetch = XXXXXX
[branch "master"]
Remote = origin
Merge = Refs/heads/master
Hackers can use this profile to scan all of the site's directories, even to restore git version, or rather scary, quickly fix this security problem!
Use the Nginx configuration to prevent external access. Git directory
Open the Web site nginx configuration file and add the following configuration:
Location ~/\.git {
Deny all;
}
This prevents access to the. Git directory from the outside, prevents the git configuration file from leaking, turns on the display 403 forbidden again, and then it says OK.