makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #6676 from marc1706/ticket/16890

Browse source 
[ticket/16890] Deny access to config file and folder in nginx sample
This commit is contained in:
Marc Alexander 2024-07-06 13:01:50 +02:00
commit c790e81fb6
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
2 changed files with 14 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
phpBB/docs/lighttpd.sample.conf
View file

@ -1,7 +1,7 @@
# Sample lighttpd configuration file for phpBB. # Sample lighttpd configuration file for phpBB.
# Global settings have been removed, copy them # Global settings have been removed, copy them
# from your system's lighttpd.conf. # from your system's lighttpd.conf.
# Tested with lighttpd 1.4.35 # Tested with lighttpd 1.4.36
# If you want to use the X-Sendfile feature, # If you want to use the X-Sendfile feature,
# uncomment the 'allow-x-send-file' for the fastcgi # uncomment the 'allow-x-send-file' for the fastcgi
@ -13,7 +13,7 @@
# for the details on X-Sendfile. # for the details on X-Sendfile.
# Load moules # Load moules
server.modules += ( server.modules += (
"mod_access", "mod_access",
"mod_fastcgi", "mod_fastcgi",
"mod_rewrite", "mod_rewrite",
@ -32,12 +32,12 @@ $HTTP["host"] == "www.myforums.com" {
server.name = "www.myforums.com" server.name = "www.myforums.com"
server.document-root = "/path/to/phpbb" server.document-root = "/path/to/phpbb"
server.dir-listing = "disable" server.dir-listing = "disable"
index-file.names = ( "index.php", "index.htm", "index.html" ) index-file.names = ( "index.php", "index.htm", "index.html" )
accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log" accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log"
# Deny access to internal phpbb files. # Deny access to internal phpbb files.
$HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" { $HTTP["url"] =~ "^/(config|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
url.access-deny = ( "" ) url.access-deny = ( "" )
} }
@ -45,27 +45,28 @@ $HTTP["host"] == "www.myforums.com" {
$HTTP["url"] =~ "/\.svn|/\.git" { $HTTP["url"] =~ "/\.svn|/\.git" {
url.access-deny = ( "" ) url.access-deny = ( "" )
} }
# Deny access to apache configuration files. # Deny access to apache configuration files.
$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" { $HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
url.access-deny = ( "" ) url.access-deny = ( "" )
} }
# The following 3 lines will rewrite URLs passed through the front controller # The following 3 lines will rewrite URLs passed through the front controller
# to not require app.php in the actual URL. In other words, a controller is # to not require app.php in the actual URL. In other words, a controller is
# by default accessed at /app.php/my/controller, but can also be accessed at # by default accessed at /app.php/my/controller, but can also be accessed at
# /my/controller # /my/controller
url.rewrite-if-not-file = ( url.rewrite-if-not-file = (
"^/(.*)$" => "/app.php/$1" "^/install/(.*)$" => "/install/app.php/$1",
"^/(.*)$" => "/app.php/$1"
) )
fastcgi.server = ( ".php" => fastcgi.server = ( ".php" =>
(( ((
"bin-path" => "/usr/bin/php-cgi", "bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php.socket", "socket" => "/tmp/php.socket",
"max-procs" => 4, "max-procs" => 4,
"idle-timeout" => 30, "idle-timeout" => 30,
"bin-environment" => ( "bin-environment" => (
"PHP_FCGI_CHILDREN" => "10", "PHP_FCGI_CHILDREN" => "10",
"PHP_FCGI_MAX_REQUESTS" => "10000" "PHP_FCGI_MAX_REQUESTS" => "10000"
), ),

2
phpBB/docs/nginx.sample.conf
View file

@ -63,7 +63,7 @@ server {
} }
# Deny access to internal phpbb files. # Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) { location ~ /(config|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
deny all; deny all;
# deny was ignored before 0.8.40 for connections over IPv6. # deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions. # Use internal directive to prohibit access on older versions.