diff options
author | Marc Alexander <admin@m-a-styles.de> | 2016-11-13 11:50:23 +0100 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2016-11-13 11:50:23 +0100 |
commit | 7ba9b06881ddd70bd3b10e2785b91908e851cdaa (patch) | |
tree | 98ab1350671591454adb6b24cd37507a667b5e22 | |
parent | [ticket/security-181] Deny access to migrations folders (diff) | |
download | phpbb-7ba9b06881ddd70bd3b10e2785b91908e851cdaa.tar.gz phpbb-7ba9b06881ddd70bd3b10e2785b91908e851cdaa.tar.bz2 phpbb-7ba9b06881ddd70bd3b10e2785b91908e851cdaa.zip |
[ticket/security-181] Port .htaccess changes to other webserver types
SECURITY-181
-rw-r--r-- | phpBB/docs/lighttpd.sample.conf | 2 | ||||
-rw-r--r-- | phpBB/docs/nginx.sample.conf | 2 | ||||
-rw-r--r-- | phpBB/web.config | 3 |
3 files changed, 5 insertions, 2 deletions
diff --git a/phpBB/docs/lighttpd.sample.conf b/phpBB/docs/lighttpd.sample.conf index 5b04122267..f5b509e002 100644 --- a/phpBB/docs/lighttpd.sample.conf +++ b/phpBB/docs/lighttpd.sample.conf @@ -37,7 +37,7 @@ $HTTP["host"] == "www.myforums.com" { accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log" # Deny access to internal phpbb files. - $HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" { + $HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" { url.access-deny = ( "" ) } diff --git a/phpBB/docs/nginx.sample.conf b/phpBB/docs/nginx.sample.conf index 2ead3552fd..bf33f4e73d 100644 --- a/phpBB/docs/nginx.sample.conf +++ b/phpBB/docs/nginx.sample.conf @@ -72,7 +72,7 @@ http { } # Deny access to internal phpbb files. - location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) { + location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) { deny all; # deny was ignored before 0.8.40 for connections over IPv6. # Use internal directive to prohibit access on older versions. diff --git a/phpBB/web.config b/phpBB/web.config index 99a1fe6023..d0a3cb33fe 100644 --- a/phpBB/web.config +++ b/phpBB/web.config @@ -18,7 +18,10 @@ <hiddenSegments> <add segment="cache" /> <add segment="files" /> + <add segment="includes" /> + <add segment="phpbb" /> <add segment="store" /> + <add segment="vendor" /> <add segment="config.php" /> <add segment="common.php" /> </hiddenSegments> |