From 0057ff5b2ddce05ebd51fbae65f5f8e126234524 Mon Sep 17 00:00:00 2001 From: Sam James Date: Mon, 30 Sep 2024 23:58:06 +0100 Subject: [PATCH 1/2] feat: disable the setup route by default for nginx --- nginx.conf.sample | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nginx.conf.sample b/nginx.conf.sample index cc1d52e1d9284..9d80b478efec1 100644 --- a/nginx.conf.sample +++ b/nginx.conf.sample @@ -47,6 +47,11 @@ location /.user.ini { location ~* ^/setup($|/) { root $MAGE_ROOT; location ~ ^/setup/index.php { + deny all; + # If you want to enable the web based setup functionality, add your + # ip address to the allow list below or comment out the deny all above. + # allow 127.0.0.1; + fastcgi_pass fastcgi_backend; fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off"; From f6ca78b0f75d57e8c2a6b83b56db8ab5e2d95c4c Mon Sep 17 00:00:00 2001 From: Sam James Date: Wed, 14 May 2025 11:07:54 +0100 Subject: [PATCH 2/2] feat: disable setup route by default for apache distributed config --- setup/.htaccess | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/setup/.htaccess b/setup/.htaccess index 3e6764bf4bab2..582ee8f488d0e 100644 --- a/setup/.htaccess +++ b/setup/.htaccess @@ -1,3 +1,15 @@ +# If you want to enable the web based setup functionality, add your ip address +# to the allow list below or comment out the IfVersion Deny deny blocks below. + + + order allow,deny + deny from all + + = 2.4> + Require all denied + + + Options -Indexes
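Review bot: The commented `# allow 127.0.0.1;` sits after `deny all;` inside `location ~ ^/setup/index.php`, and nginx checks access rules in order and stops at the first match, so an operator who follows the comment and uncomments that line still gets a 403 from every address. Put the example before the deny, i.e. `# allow 127.0.0.1;` followed by `deny all;`, and reword the comment to say "add an allow line for your ip address above the deny all". The comment's other option, commenting out `deny all`, opens the setup entry point to every client again, so the comment should name the allow line as the preferred route. The location block continues past the end of the hunk.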
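Review bot: The header comment tells operators to add their address to "the allow list below", but the added lines contain no allow example, and in the pre-2.4 block `order allow,deny` with `deny from all` rejects a request even when an `allow from` line matches it, because Deny is evaluated last under that order. Use `order deny,allow` there with a commented `# allow from 127.0.0.1`, and add a commented `# Require ip 127.0.0.1` next to `Require all denied` in the 2.4 block. The comment's "IfVersion Deny deny blocks" also reads as a typo for "IfVersion deny blocks". The container tags around these directives are not legible in this view of the patch, so this assumes from the comment that they are `<IfVersion>` sections; if so, they depend on mod_version being loaded, which is worth stating in the comment.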