Marcel de Rooy
95dc574501
As a simple alternative to the solution in bug 9949 or just as an additional measure, this patch adds a rewrite rule for intranet in order to intercept potential misuse of perl scripts that could be reached on a dev package install via the cgi-bin/koha scriptalias. It simply rewrites them to the nonexistent "notfound", resulting in a regular 404 error. The rewrite rule does not harm regular installs and is just a little extra step in securing a dev install. You should have more security measures in place to secure your staff client. QA Note: Although a rewrite rule may not be our first choice, this one rule is more elegant and easier to maintain than e.g. a whole bunch of aliases. Note: This patch should have a regular and a dev install signoff. Test plan: [1] Make sure that this rewrite rule is inserted in your actual apache config via /etc/koha/apache-shared-intranet.conf. Restart Apache. [2] For regular package installs: Try one of the URLs in step 3. Verify that your staff client still operates as usual. Test a few URLs inside some modules. [3] For dev installs: Try some URLs like below. Expect 404 errors only, not 500s. If you do not see a 404, go back! /misc/stage_file.pl /t/db_dependent/default_search_class.pl /installer/data/mysql/updatedatabase.pl /Makefile.PL [4] Do you see an additional directory to add to the regex? Please report. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> |
||
---|---|---|
.. | ||
apache-shared-disable.conf | ||
apache-shared-intranet-plack.conf | ||
apache-shared-intranet.conf | ||
apache-shared-opac-plack.conf | ||
apache-shared-opac.conf | ||
apache-shared.conf | ||
apache-site-https.conf.in | ||
apache-site.conf.in | ||
koha-common.conf | ||
koha-conf-site.xml.in | ||
koha-sites.conf | ||
log4perl-site.conf.in | ||
marc21-retrieval-info-auth-dom.xml | ||
marc21-retrieval-info-bib-dom.xml | ||
normarc-retrieval-info-auth-dom.xml | ||
normarc-retrieval-info-bib-dom.xml | ||
plack.psgi | ||
SIPconfig.xml | ||
unimarc-retrieval-info-auth-dom.xml | ||
unimarc-retrieval-info-bib-dom.xml | ||
zebra-authorities-dom-site.cfg.in | ||
zebra-biblios-dom-site.cfg.in | ||
zebra.passwd.in |