makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 13:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security-181] Deny access to migrations folders

Browse source 
SECURITY-181
This commit is contained in:
Marc Alexander 2016-11-13 11:43:17 +01:00
parent 372324cead
commit 61683f895c
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
3 changed files with 99 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
phpBB/phpbb/db/migration/data/v30x/.htaccess Normal file
View file

@ -0,0 +1,33 @@
# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "*">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "*">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "*">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "*">
Require all denied
</Files>
</IfModule>
</IfModule>

33
phpBB/phpbb/db/migration/data/v310/.htaccess Normal file
View file

@ -0,0 +1,33 @@
# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "*">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "*">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "*">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "*">
Require all denied
</Files>
</IfModule>
</IfModule>

33
phpBB/phpbb/db/migration/data/v31x/.htaccess Normal file
View file

@ -0,0 +1,33 @@
# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "*">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "*">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "*">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "*">
Require all denied
</Files>
</IfModule>
</IfModule>