makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #6682 from marc1706/ticket/16213-master

Browse source 
[ticket/16213] Add .htaccess for phpbb and vendor folders -- master version
This commit is contained in:
Marc Alexander 2024-07-28 20:56:10 +02:00
commit f142f07f46
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
4 changed files with 34 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
build/build.xml
View file

@ -181,7 +181,7 @@
<!-- create an empty config.php file (not for diffs) --> <!-- create an empty config.php file (not for diffs) -->
<touch file="build/new_version/phpBB3/config.php" /> <touch file="build/new_version/phpBB3/config.php" />
<copy file="build/new_version/phpBB3/phpbb/.htaccess" tofile="build/new_version/phpBB3/vendor/.htaccess" /> <copy file="build/new_version/phpBB3/vendor-ext/.htaccess" tofile="build/new_version/phpBB3/vendor/.htaccess" />
</target> </target>

2
phpBB/docs/lighttpd.sample.conf
View file

@ -28,7 +28,7 @@ $HTTP["host"] == "www.myforums.com" {
accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log" accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log"
# Deny access to internal phpbb files. # Deny access to internal phpbb files.
$HTTP["url"] =~ "^/(config|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" { $HTTP["url"] =~ "^/(config|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor|vendor-ext)" {
url.access-deny = ( "" ) url.access-deny = ( "" )
} }

8
phpBB/docs/nginx.sample.conf
View file

@ -55,7 +55,7 @@ server {
} }
# Deny access to internal phpbb files. # Deny access to internal phpbb files.
location ~ /(config|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) { location ~ /(config|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor|vendor-ext) {
deny all; deny all;
# deny was ignored before 0.8.40 for connections over IPv6. # deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions. # Use internal directive to prohibit access on older versions.
@ -92,4 +92,10 @@ server {
deny all; deny all;
internal; internal;
} }
# Deny access to apache configuration files.
location ~ /\.htaccess|/\.htpasswd|/\.htgroups {
deny all;
internal;
}
} }

25
phpBB/vendor-ext/.htaccess Normal file
View file

@ -0,0 +1,25 @@
# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_core.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
<IfVersion < 2.4>
Order Allow,Deny
Deny from All
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from All
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</IfModule>