From 8f97887683581555187caf6bfe4d1f21c5780341 Mon Sep 17 00:00:00 2001 From: ftc2 Date: Sun, 1 Oct 2017 22:57:21 -0600 Subject: [PATCH] [ticket/15385] nginx.sample.conf: www redirection, security regex according to the latest wiki info: http://wiki.nginx.org/Pitfalls#Taxing_Rewrites `return 301` is preferred over a rewrite. also, the 'security' regex breaks some official extensions because it will match and deny access to `/ext/phpbb`. looking through the names of dirs and files containing `phpbb`, it looks like the intent of the regex was to only disallow the folder `phpbb` in the root dir and not other `/phpbb` matches. a negative lookbehind was added to specifically not match `/ext/phpbb` but still match other occurrences of `/phpbb`. Tracker ticket: https://tracker.phpbb.com/browse/PHPBB3-15385 --- phpBB/docs/nginx.sample.conf | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/phpBB/docs/nginx.sample.conf b/phpBB/docs/nginx.sample.conf index ce929b6e54..55c01a1fc9 100644 --- a/phpBB/docs/nginx.sample.conf +++ b/phpBB/docs/nginx.sample.conf @@ -18,11 +18,11 @@ http { gzip_vary on; gzip_http_version 1.1; gzip_min_length 700; - + # Compression levels over 6 do not give an appreciable improvement # in compression ratio, but take more resources. gzip_comp_level 6; - + # IE 6 and lower do not support gzip with Vary correctly. gzip_disable "msie6"; # Before nginx 0.7.63: @@ -49,9 +49,7 @@ http { server_name myforums.com; # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites: - rewrite ^ http://www.myforums.com$request_uri permanent; - # Equivalent to: - #rewrite ^(.*)$ http://www.myforums.com$1 permanent; + return 301 http://www.myforums.com$request_uri; } # The actual board domain. @@ -72,7 +70,7 @@ http { } # Deny access to internal phpbb files. - location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) { + location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?