updated applicationHost to reject requests to vendor dir

Author: SyntaxC4

ComposerExtension.nuspec

@@ -3,13 +3,13 @@
 <metadata>
 <id>ComposerExtension</id>
 <title>Composer</title>
-<version>0.2.7</version>
+<version>0.3.0</version>
 <authors>Cory Fowler</authors>
 <licenseUrl>http://opensource.org/licenses/MIT</licenseUrl>
 <projectUrl>https://github.com/SyntaxC4-MSFT/ComposerExtension</projectUrl>
 <requireLicenseAcceptance>false</requireLicenseAcceptance>
-<description>An extension which brings Composer support to Azure Websites</description>
-<iconUrl>https://github.com/composer/getcomposer.org/blob/master/web/img/logo-composer-transparent.png</iconUrl>
+<description>An extension which brings Composer support to Azure Web App</description>
+<iconUrl>https://github.com/composer/getcomposer.org/blob/master/web/img/logo-composer-transparent3.png</iconUrl>
 <tags>composer php packagemanager</tags>
 </metadata>
 <files>

Content/applicationHost.xdt

@@ -9,12 +9,25 @@
         </sites>
   </system.applicationHost>
   <system.webServer> 
-    <runtime xdt:Transform="Insert" >
+    <runtime xdt:Transform="Insert">
          <environmentVariables>
             <add name="APPSETTING_COMMAND" value="d:\home\SiteExtensions\ComposerExtension\Hooks\deploy.cmd" />
 	    <add name="COMPOSER_ARGS" value="--prefer-dist --no-dev --optimize-autoloader --no-progress" />
             <add name="PATH" value="%PATH%;d:\home\SiteExtensions\ComposerExtension\Commands;%APPDATA%\Composer\vendor\bin" />
          </environmentVariables>
     </runtime>
-   </system.webServer> 
+    <rewrite xdt:Transform="InsertIfMissing">
+      <rules xdt:Transform="InsertIfMissing">
+        <rule name="RequestBlockingRule1" xdt:Locator="Match(name)" xdt:Transform="InsertIfMissing" stopProcessing="true">
+                    <match url=".*" />
+                    <conditions>
+                        <add input="{URL}" pattern="vendor/(.*)$" />
+                    </conditions>
+                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
+                </rule>
+      </rules>
+    </rewrite>
+   </system.webServer>
 </configuration>
+
+        

Content/install.cmd

@@ -6,4 +6,12 @@ IF EXIST composer.phar (
   rm -f composer.phar
 )
 
+IF NOT EXIST "%APPDATA%\Composer" (
+  mkdir "%APPDATA%\Composer"
+)
+
+IF NOT EXIST "%LOCALAPPDATA%\Composer" (
+  mkdir "%LOCALAPPDATA%\Composer"
+)
+
 php -r "readfile('https://getcomposer.org/installer');" | php