From 83cf63f7a8c3bcb972afcb3c0dbed6cad8ba19c5 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Wed, 13 Mar 2013 14:24:20 -0300 Subject: [PATCH] Bug 9812 - Forbid access to several files through the browser This patch hides (-Indexes) and forbids (Deny from all) access to some stuff through a browser. Specifically "xlst", "modules" and "includes" dirs and its contents. This is just a quick fix we talked about at IRC. The proper solution would be to remove this from htdocs which will still be needed. Signed-off-by: Chris Cormack Signed-off-by: Jonathan Druart Signed-off-by: Jared Camins-Esakov I do not have an installation that uses Apache at this point, but the changes look correct and this was signed off and QAed by Chris and Jonathan, both of whom have Apache installations. --- etc/koha-httpd.conf | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/etc/koha-httpd.conf b/etc/koha-httpd.conf index 67c54f09a4..dd5ec4185c 100644 --- a/etc/koha-httpd.conf +++ b/etc/koha-httpd.conf @@ -20,6 +20,16 @@ SetEnv MEMCACHED_SERVERS "__MEMCACHED_SERVERS__" SetEnv MEMCACHED_NAMESPACE "__MEMCACHED_NAMESPACE__" + + Options -Indexes + + + # Secure internal stuff + + Order deny,allow + Deny from all + + mod_gzip_on yes mod_gzip_dechunk yes @@ -122,6 +132,16 @@ ErrorDocument 404 /cgi-bin/koha/errors/404.pl ErrorDocument 500 /cgi-bin/koha/errors/500.pl + + Options -Indexes + + + # Secure internal stuff + + Order deny,allow + Deny from all + + mod_gzip_on yes mod_gzip_dechunk yes -- 2.39.5