From c0c8a46be7b61539cd920e1cf51791e38c99813b Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Wed, 13 Mar 2013 14:24:20 -0300 Subject: [PATCH] Bug 9812 - Forbid access to several files through the browser This patch hides (-Indexes) and forbids (Deny from all) access to some stuff through a browser. Specifically "xlst", "modules" and "includes" dirs and its contents. This is just a quick fix we talked about at IRC. The proper solution would be to remove this from htdocs which will still be needed. Signed-off-by: Chris Cormack Signed-off-by: Jonathan Druart Signed-off-by: Chris Cormack --- etc/koha-httpd.conf | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/etc/koha-httpd.conf b/etc/koha-httpd.conf index dc82d08a39..9233b53fff 100644 --- a/etc/koha-httpd.conf +++ b/etc/koha-httpd.conf @@ -20,6 +20,16 @@ SetEnv MEMCACHED_SERVERS "__MEMCACHED_SERVERS__" SetEnv MEMCACHED_NAMESPACE "__MEMCACHED_NAMESPACE__" + + Options -Indexes + + + # Secure internal stuff + + Order deny,allow + Deny from all + + mod_gzip_on yes mod_gzip_dechunk yes @@ -119,6 +129,16 @@ ErrorDocument 404 /cgi-bin/koha/errors/404.pl ErrorDocument 500 /cgi-bin/koha/errors/500.pl + + Options -Indexes + + + # Secure internal stuff + + Order deny,allow + Deny from all + + mod_gzip_on yes mod_gzip_dechunk yes -- 2.39.5