I have scan my site using https://www.magereport.com. I got Cacheleak vulnerability? unprotected issue. I need to know to fix this issue i have to define "location ^~ /var/ { return 403; }" , please tell me where i will add this code , if in htacess how ?
Create a .htaccess file with below content in var/, var/cache, var/session, var/backups directory of your Magento installation. It will deny any access request made to files
Order deny,allow
Deny from all
Refer to this article for implementation in Nginix server.
https://www.acunetix.com/vulnerabilities/web/magento-cacheleak