Marcel de Rooy
95dc574501
As a simple alternative to the solution in bug 9949 or just as an
additional measure, this patch adds a rewrite rule for intranet
in order to intercept potential misuse of perl scripts that could be
reached on a dev package install via the cgi-bin/koha scriptalias.
It simply rewrites them to the nonexistent "notfound", resulting in a
regular 404 error.
The rewrite rule does not harm regular installs and is just a little extra
step in securing a dev install. You should have more security measures in
place to secure your staff client.
QA Note: Although a rewrite rule may not be our first choice, this one
rule is more elegant and easier to maintain than e.g. a whole bunch of
aliases.
Note: This patch should have a regular and a dev install signoff.
Test plan:
[1] Make sure that this rewrite rule is inserted in your actual apache
config via /etc/koha/apache-shared-intranet.conf. Restart Apache.
[2] For regular package installs:
Try one of the URLs in step 3.
Verify that your staff client still operates as usual. Test a few
URLs inside some modules.
[3] For dev installs:
Try some URLs like below.
Expect 404 errors only, not 500s. If you do not see a 404, go back!
/misc/stage_file.pl
/t/db_dependent/default_search_class.pl
/installer/data/mysql/updatedatabase.pl
/Makefile.PL
[4] Do you see an additional directory to add to the regex? Please report.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
|
||
|---|---|---|
| .. | ||
| docs | ||
| scripts | ||
| source | ||
| templates | ||
| bd-to-depends | ||
| build-git-snapshot | ||
| changelog | ||
| compat | ||
| control | ||
| control.in | ||
| copyright | ||
| koha-common.bash-completion | ||
| koha-common.config | ||
| koha-common.cron.d | ||
| koha-common.cron.daily | ||
| koha-common.cron.hourly | ||
| koha-common.cron.monthly | ||
| koha-common.default | ||
| koha-common.dirs | ||
| koha-common.docs | ||
| koha-common.init | ||
| koha-common.install | ||
| koha-common.links | ||
| koha-common.logrotate | ||
| koha-common.postinst | ||
| koha-common.preinst | ||
| koha-common.README.Debian | ||
| koha-common.templates | ||
| koha-post-install-setup | ||
| koha.apache-ports | ||
| koha.config | ||
| koha.dirs | ||
| koha.install | ||
| koha.postinst | ||
| koha.postrm | ||
| koha.prerm | ||
| koha.README.Debian | ||
| list-deps | ||
| README.build | ||
| rules | ||
| unavailable.html | ||
| update-control | ||
In order to build .deb packages, following debian packages need to be present (installed): devscripts pbuilder dh-make fakeroot As root (or sudo) execute: pbuilder create Executing build-git-snapshot without any arguments will leave package and the rest in some pbuilder dir, eg. /var/cache/pbuilder/result It is highly recommended that --buildresult option is used.