Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/etc/koha-httpd.conf
Tomas Cohen Arazi 83cf63f7a8 Bug 9812 - Forbid access to several files through the browser 
This patch hides (-Indexes) and forbids (Deny from all) access to some stuff through a browser.
Specifically "xlst", "modules" and "includes" dirs and its contents.

This is just a quick fix we talked about at IRC. The proper solution would be to remove this from htdocs which will still be needed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
I do not have an installation that uses Apache at this point, but the
changes look correct and this was signed off and QAed by Chris and
Jonathan, both of whom have Apache installations.
2013-04-07 13:43:05 -04:00

206 lines
7.2 KiB
Text
Raw Blame History

# Koha Apache Configuration Directives
#NameVirtualHost *
## OPAC
<VirtualHost __WEBSERVER_IP__:__WEBSERVER_PORT__>
ServerAdmin __WEBMASTER_EMAIL__
DocumentRoot __OPAC_WWW_DIR__
ServerName __WEBSERVER_HOST__
# ServerAlias opac.mydomain.com
ScriptAlias /cgi-bin/koha/ "__OPAC_CGI_DIR__/opac/"
ScriptAlias /index.html "__OPAC_CGI_DIR__/opac/opac-main.pl"
ScriptAlias /opac-search.pl "__OPAC_CGI_DIR__/opac/opac-search.pl"
ScriptAlias /search "__OPAC_CGI_DIR__/opac/opac-search.pl"
ErrorLog __LOG_DIR__/koha-opac-error_log
# CustomLog __LOG_DIR__/koha-opac-access.log combined
# TransferLog __LOG_DIR__/koha-opac-access.log
SetEnv KOHA_CONF "__KOHA_CONF_DIR__/koha-conf.xml"
SetEnv PERL5LIB "__PERL_MODULE_DIR__"
SetEnv MEMCACHED_SERVERS "__MEMCACHED_SERVERS__"
SetEnv MEMCACHED_NAMESPACE "__MEMCACHED_NAMESPACE__"
<Directory "__OPAC_WWW_DIR__">
Options -Indexes
</Directory>
# Secure internal stuff
<DirectoryMatch "__OPAC_WWW_DIR__/.*/(modules|xslt|includes)">
Order deny,allow
Deny from all
</DirectoryMatch>
<IfModule mod_gzip.c>
mod_gzip_on yes
mod_gzip_dechunk yes
mod_gzip_keep_workfiles No
mod_gzip_can_negotiate yes
mod_gzip_update_static No
mod_gzip_temp_dir /tmp
mod_gzip_minimum_file_size 512
mod_gzip_maximum_file_size 1000000
mod_gzip_maximum_inmem_size 1000000
mod_gzip_handle_methods GET POST
mod_gzip_item_exclude reqheader "User-Agent: .*Mozilla/4\..*\["
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader Content-Type:image/*
mod_gzip_item_include file \.js$
mod_gzip_item_include mime ^application/javascript$
mod_gzip_item_include mime ^application/x-javascript$
mod_gzip_item_include file \.php$
mod_gzip_item_include mime ^text/html$
mod_gzip_item_include file \.css$
mod_gzip_item_include mime ^text/css$
</IfModule>
<IfModule mod_deflate.c>
# Compress content with type html, text, and css, ...
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
DeflateCompressionLevel 9
# Properly handle old browsers that do not support compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
<IfModule mod_headers.c>
#properly handle requests coming from behind proxies
Header append Vary User-Agent
</IfModule>
</IfModule>
# Repeat this virtualhost stanza changing the following environment vars to
# create multiple OPAC interfaces with custom css and/or search limits:
# SetEnv OPAC_CSS_OVERRIDE mystyle.css
# SetEnv OPAC_SEARCH_LIMIT branch:CODE
# SetEnv OPAC_LIMIT_OVERRIDE 1
Options +FollowSymLinks
ErrorDocument 400 /cgi-bin/koha/errors/400.pl
ErrorDocument 401 /cgi-bin/koha/errors/401.pl
ErrorDocument 403 /cgi-bin/koha/errors/403.pl
ErrorDocument 404 /cgi-bin/koha/errors/404.pl
ErrorDocument 500 /cgi-bin/koha/errors/500.pl
<IfModule mod_rewrite.c>
# Rewrite Rules
RewriteEngine On
# Uncomment to turn on rewrite logging
#RewriteLog __LOG_DIR__/koha-opac-rewrite.log
#RewriteLogLevel 1
RewriteCond %{QUERY_STRING} (.*?)(?:[A-Za-z0-9_-]+)=&(.*)
#RewriteRule (.+) $1?%1%2 [N,R,NE]
RewriteRule ^/bib/([^\/]*)/?$ /cgi-bin/koha/opac-detail\.pl?bib=$1 [PT]
RewriteRule ^/isbn/([^\/]*)/?$ /search?q=isbn:$1 [PT]
RewriteRule ^/issn/([^\/]*)/?$ /search?q=issn:$1 [PT]
</IfModule>
</VirtualHost>
## Intranet
<VirtualHost __WEBSERVER_IP__:__WEBSERVER_PORT_LIBRARIAN__>
ServerAdmin __WEBMASTER_EMAIL__
DocumentRoot __INTRANET_WWW_DIR__
ServerName __WEBSERVER_HOST__:__WEBSERVER_PORT_LIBRARIAN__
# ServerAlias intranet.mydomain.com
ScriptAlias /cgi-bin/koha/ "__INTRANET_CGI_DIR__/"
ScriptAlias /index.html "__INTRANET_CGI_DIR__/mainpage.pl"
ScriptAlias /search "__INTRANET_CGI_DIR__/search.pl"
Alias /plugin/ "__PLUGINS_DIR__/"
ErrorLog __LOG_DIR__/koha-error_log
# TransferLog __LOG_DIR__/koha-access.log
SetEnv KOHA_CONF "__KOHA_CONF_DIR__/koha-conf.xml"
SetEnv PERL5LIB "__PERL_MODULE_DIR__"
SetEnv MEMCACHED_SERVERS "__MEMCACHED_SERVERS__"
SetEnv MEMCACHED_NAMESPACE "__MEMCACHED_NAMESPACE__"
Options +FollowSymLinks
ErrorDocument 400 /cgi-bin/koha/errors/400.pl
ErrorDocument 401 /cgi-bin/koha/errors/401.pl
ErrorDocument 403 /cgi-bin/koha/errors/403.pl
ErrorDocument 404 /cgi-bin/koha/errors/404.pl
ErrorDocument 500 /cgi-bin/koha/errors/500.pl
<Directory "__INTRANET_WWW_DIR__">
Options -Indexes
</Directory>
# Secure internal stuff
<DirectoryMatch "__INTRANET_WWW_DIR__/.*/(modules|xslt|includes)">
Order deny,allow
Deny from all
</DirectoryMatch>
<IfModule mod_gzip.c>
mod_gzip_on yes
mod_gzip_dechunk yes
mod_gzip_keep_workfiles No
mod_gzip_can_negotiate yes
mod_gzip_update_static No
mod_gzip_temp_dir /tmp
mod_gzip_minimum_file_size 512
mod_gzip_maximum_file_size 1000000
mod_gzip_maximum_inmem_size 1000000
mod_gzip_handle_methods GET POST
mod_gzip_item_exclude reqheader "User-Agent: .*Mozilla/4\..*\["
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader Content-Type:image/*
mod_gzip_item_include file \.js$
mod_gzip_item_include mime ^application/javascript$
mod_gzip_item_include mime ^application/x-javascript$
mod_gzip_item_include file \.php$
mod_gzip_item_include mime ^text/html$
mod_gzip_item_include file \.css$
mod_gzip_item_include mime ^text/css$
</IfModule>
<IfModule mod_deflate.c>
# Compress content with type html, text, and css, ...
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
DeflateCompressionLevel 9
# Properly handle old browsers that do not support compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
<IfModule mod_headers.c>
#properly handle requests coming from behind proxies
Header append Vary User-Agent
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
# Rewrite Rules
RewriteEngine On
# Uncomment to turn on rewrite logging
#RewriteLog __LOG_DIR__/koha-intranet-rewrite.log
#RewriteLogLevel 1
RewriteCond %{QUERY_STRING} (.*?)(?:[A-Za-z0-9_-]+)=&(.*)
#RewriteRule (.+) $1?%1%2 [N,R,NE]
RewriteRule ^/bib/([^\/]*)/?$ /cgi-bin/koha/detail\.pl?bib=$1 [PT]
RewriteRule ^/isbn/([^\/]*)/?$ /search?q=isbn:$1 [PT]
RewriteRule ^/issn/([^\/]*)/?$ /search?q=issn:$1 [PT]
</IfModule>
</VirtualHost>
View git blame Copy permalink