Problem with hidden file

In my project there are robots.txt and sitemap.xml files, and I can’t delete or not generate them, as well as hidden versioning files such as .hg, GitKeeper, .__darcs, .bzr. How do I exclude these files and not generate them during the deploy/build of my website?

@befective Can you provide a little more background context?

What your site consists of and what it builds on Netlify is up to you.

If you wanted to exclude files from being built you would adjust your build appropriately.

If you couldn’t prevent files from building, (for whatever reason), but wanted to not deploy them, you could simply delete them after the build but prior to deployment.

When I check my website this problem appears, but I have no idea who creates it or where it is generated, because in the files that are generated in /dist they do not appear. I would like to know how to delete or not generate them correctly.

@befective So, I take it that ZAP is some form of site vulnerability scanner.

I believe you are not supposed to run vulnerability scanning etc against Netlify sites without written permission, which you can read more about here:

In regards to the files reported by the scanner, have you confirmed that they actually exist on the deployed site?

Note that I cannot check as you’ve rather intentionally censored the image so I cannot tell what site this is for.

@befective I don’t believe those files do exist.

It could just be that the scanner is a little simplistic.

If I’m understanding correctly, it has looked for and “found”:
https://test.befective.com/._darcs
https://test.befective.com/.bzr
https://test.befective.com/.hg
https://test.befective.com/BitKeeper

While it’s true that all of those return a 200 response, you’ll see that they’re all your main page.

It’s no surprise though, because so does this:
https://test.befective.com/this-is-a-random-url-i-made-up-which-does-not-exist

None of those files exist.

You’re simply using the Netlify redirect rule for an SPA (Single Page Application) along the lines of:

/*   /index.html   200

Which, as it is not forced, says “for any path that isn’t found as a file, return the /index.html contents”, so that your single page application handles the routing internally.

It’s likely the scanner is just interpreting the 200 status and returned html as “the file exists” (when it really does not).

2 Likes
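The comparison made in the last reply, as an added example that is not part of any post in this thread: it requests a random path that cannot exist, then labels each scanner-reported path by whether it returns the same bytes as that baseline. The host `site.example`, the `fake_spa_fetch` stand-in and the sample file contents are constructed for illustration; the reported paths are the ones named in the thread.

```python
import hashlib
import secrets
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def http_fetch(url):
    """GET url and return (status, body); HTTP error statuses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def triage(base, paths, fetch=http_fetch):
    """Label each reported path 'absent', 'spa-fallback' or 'exists'."""
    # Baseline: a random path that cannot exist, like the made-up URL in the thread.
    base_status, base_body = fetch(base + "/" + secrets.token_hex(16))
    base_hash = hashlib.sha256(base_body).hexdigest()
    results = {}
    for path in paths:
        status, body = fetch(base + path)
        if status != 200:
            results[path] = "absent"
        elif base_status == 200 and hashlib.sha256(body).hexdigest() == base_hash:
            # Same bytes as the nonexistent path: the catch-all served index.html.
            results[path] = "spa-fallback"
        else:
            results[path] = "exists"
    return results


# Constructed stand-in for a site deployed with the `/*  /index.html  200` rule.
INDEX = b"<!doctype html><title>app</title><div id='app'></div>"
FILES = {"/index.html": INDEX, "/robots.txt": b"User-agent: *\nAllow: /\n"}
REPORTED = ["/._darcs", "/.bzr", "/.hg", "/BitKeeper", "/robots.txt"]


def fake_spa_fetch(url):
    """Serve FILES; any other path gets index.html with status 200 (unforced rewrite)."""
    return 200, FILES.get(urlsplit(url).path, INDEX)


if __name__ == "__main__":
    for path, verdict in triage("https://site.example", REPORTED, fake_spa_fetch).items():
        print(f"{verdict:13} {path}")
```

The exact-hash comparison assumes the fallback page is served byte-for-byte identical on every request, which holds for a static `index.html`; a page that embeds per-request values would need a looser comparison.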