.htaccess security magento-1.9 crlf-vulnerability

Cacheleak vulnerability magento var folder issue


I have scanned my site using https://www.magereport.com. I got a "Cacheleak vulnerability? unprotected" issue. I need to know how to fix this issue. I have to define "location ^~ /var/ { return 403; }"; please tell me where I should add this code. If in .htaccess, how?


Solution

  • Create a .htaccess file with the content below in the var/, var/cache, var/session and var/backups directories of your Magento installation. It will deny any access request made to files.

    Order deny,allow 
    Deny from all
    

    Refer to this article for implementation on an Nginx server.

    https://www.acunetix.com/vulnerabilities/web/magento-cacheleak
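
The steps in the answer above as a script. This is an added example, not part of the original answer. The names protect_var and htaccess_body are illustrative, the Magento root path is supplied by you, and the Apache 2.4 "Require all denied" form is added next to the 2.2 directives from the answer.

```shell
#!/bin/sh
# Added example: write deny-all .htaccess files into the Magento 1 var/
# directories listed in the answer. Function names are illustrative.

# Directories named in the answer, relative to the Magento root.
PROTECTED_DIRS="var var/cache var/session var/backups"

# Rules for Apache 2.4 (mod_authz_core), falling back to the 2.2
# directives from the answer on servers without that module.
htaccess_body() {
    cat <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
}

# protect_var MAGE_ROOT
# Writes .htaccess into each directory that exists, prints one status line
# per directory, and returns non-zero if any expected directory is missing.
protect_var() {
    root=$1
    missing=0
    for d in $PROTECTED_DIRS; do
        if [ ! -d "$root/$d" ]; then
            echo "MISSING  $root/$d"
            missing=1
            continue
        fi
        htaccess_body > "$root/$d/.htaccess"
        chmod 644 "$root/$d/.htaccess"
        echo "WRITTEN  $root/$d/.htaccess"
    done
    return $missing
}

# Run only when a Magento root is passed on the command line.
if [ -n "${1:-}" ]; then
    protect_var "$1"
fi
```

These files only take effect when the Apache virtual host permits overrides (AllowOverride); confirm by requesting a file under /var/ on your own site and checking for a 403 response.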