I create some django websites using Plesk Onyx. My problem is If I go to domainname.com/appname/settings.py or domainname.com/manage.py url i see everything in ".py" file. My folder permissions 755, file permissions is 644. The problem is solved when I set the file permissions to 640 or 600. Is there a shortcut in django related to this vulnerability? or do I need to change individual file permissions? I'm looking for an easy way. I don't know, maybe by adding a little code in django I can prevent these files from appearing. Im using python 3.6 - Django 2.2.3 - Plesk Onyx - Nginx
Granted 700 permissions to all folders except media and static folders. and i give 700 permissions manage.py + passenger_wsgi.py file.
Also i add "Additional nginx directives" in plesk
location ~* .(py|sqlite3|pyc)$ {
return 404;
}
I think its okay and secure now..