makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-07 20:08:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security-181] Port .htaccess changes to other webserver types

Browse source 
SECURITY-181
This commit is contained in:
Marc Alexander 2016-11-13 11:50:23 +01:00
parent 61683f895c
commit 7ba9b06881
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
3 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/docs/lighttpd.sample.conf
View file

@ -37,7 +37,7 @@ $HTTP["host"] == "www.myforums.com" {
accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log"
# Deny access to internal phpbb files.
$HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
$HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
url.access-deny = ( "" )
}

2
phpBB/docs/nginx.sample.conf
View file

@ -72,7 +72,7 @@ http {
}
# Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) {
deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.

3
phpBB/web.config
View file

@ -18,7 +18,10 @@
<hiddenSegments>
<add segment="cache" />
<add segment="files" />
<add segment="includes" />
<add segment="phpbb" />
<add segment="store" />
<add segment="vendor" />
<add segment="config.php" />
<add segment="common.php" />
</hiddenSegments>