
I create some Django websites using Plesk Onyx. My problem is that if I go to the domainname.com/appname/settings.py or domainname.com/manage.py URL, I see everything in the “.py” file. My folder permissions are 755 and my file permissions are 644. The problem is solved when I set the file permissions to 640 or 600. Is there a shortcut in Django related to this vulnerability, or do I need to change individual file permissions? I’m looking for an easy way. I don’t know, maybe by adding a little code in Django I can prevent these files from appearing. I’m using Python 3.6 – Django 2.2.3 – Plesk Onyx – Nginx

2 Answers


  1. Chosen as BEST ANSWER

    I granted 700 permissions to all folders except the media and static folders, and I gave 700 permissions to the manage.py and passenger_wsgi.py files.

    I also added the following under "Additional nginx directives" in Plesk:

    # Return 404 for Python sources, bytecode and SQLite databases
    location ~* \.(py|sqlite3|pyc)$ {
        return 404;
    }
    

    I think it's okay and secure now.


  2. In your .htaccess file, block directory browsing:

    1. If you want to block a specific extension:

      IndexIgnore *.py *.txt

    2. Block full directory listing:

      Options -Indexes
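
The permission changes from the accepted answer, applied in bulk instead of file by file, as an added example that is not part of the original thread. It assumes `static` and `media` are direct children of the project root and that nginx runs as a different user than the file owner; it uses the 600 file mode from the question, and `harden` and its constants are hypothetical names.

```python
import os
import stat
from pathlib import Path

# Assumptions (not from the thread): names below are illustrative.
PUBLIC_DIRS = {"static", "media"}                 # served by nginx, left untouched
SENSITIVE_SUFFIXES = {".py", ".pyc", ".sqlite3"}  # same set as the nginx rule
DIR_MODE = 0o700
FILE_MODE = 0o600


def harden(project_root, dry_run=False):
    """Strip group/other access from private dirs and sensitive files.

    Returns a sorted list of (relative_path, old_mode, new_mode) for every
    entry whose mode differs from the target. The root itself is not changed,
    so the web server can still traverse into the public directories.
    """
    root = Path(project_root)
    changes = []
    for dirpath, dirnames, filenames in os.walk(root):
        current = Path(dirpath)
        if current == root:
            # Do not descend into (or chmod) the public trees.
            dirnames[:] = [d for d in dirnames if d not in PUBLIC_DIRS]
        targets = [(current / d, DIR_MODE) for d in dirnames]
        targets += [(current / f, FILE_MODE) for f in filenames
                    if Path(f).suffix.lower() in SENSITIVE_SUFFIXES]
        for path, wanted in targets:
            if path.is_symlink():
                continue  # never chmod through a symlink
            old = stat.S_IMODE(path.lstat().st_mode)
            if old != wanted:
                changes.append((str(path.relative_to(root)), oct(old), oct(wanted)))
                if not dry_run:
                    os.chmod(path, wanted)
    return sorted(changes)


if __name__ == "__main__":
    import sys
    # Dry run by default; pass --apply to actually change modes.
    for change in harden(sys.argv[1], dry_run="--apply" not in sys.argv):
        print(*change)
```

Run it once without `--apply` to review the planned changes, then again with `--apply`; a second run that prints nothing confirms every mode is already at its target.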
