From cb7c382b99f1f33a891ed03d8d783395e267ac96 Mon Sep 17 00:00:00 2001
From: Lars Hippler
Date: Fri, 8 Mar 2019 09:31:59 +0100
Subject: [PATCH] Secure the server: prevent the users from browsing/getting files from the conf directories. With Apache, it is still a must to enable htaccess with the spec "AllowOverride All". The index.php files are here to prevent from browsing whatever the HTTP server config.
---
 .gitignore | 7 ++++++-
 conf/.htaccess | 13 +++++++++++++
 conf/index.php | 2 ++
 conf/web.config | 8 ++++++++
 4 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 conf/.htaccess
 create mode 100644 conf/index.php
 create mode 100644 conf/web.config
diff --git a/.gitignore b/.gitignore
index 70f08e79f..86acca7ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,14 @@
 # no slash at the end to handle also symlinks
 /toolkit
-/conf
 /env-*
+# listing prevention in conf directory
+/conf/**
+!/conf/.htaccess
+!/conf/index.php
+!/conf/web.config
+
 # composer reserver directory, from sources, populate/update using "composer install"
 vendor/*
 test/vendor/*
diff --git a/conf/.htaccess b/conf/.htaccess
new file mode 100644
index 000000000..782472c78
--- /dev/null
+++ b/conf/.htaccess
@@ -0,0 +1,13 @@
+# Apache 2.4
+
+Require all denied
+
+
+# Apache 2.2
+
+deny from all
+Satisfy All
+
+
+# Apache 2.2 and 2.4
+IndexIgnore *
diff --git a/conf/index.php b/conf/index.php
new file mode 100644
index 000000000..112807643
--- /dev/null
+++ b/conf/index.php
@@ -0,0 +1,2 @@ + + + + + + + + \ No newline at end of file
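Review bot: Replacing `/conf` with `/conf/**` drops the symlink handling that the comment at the top of this hunk describes, because `/conf/**` only matches entries below a real directory and a `conf` symlink is treated by git as a single file. If symlinked conf directories are still a supported layout (the comment suggests so, but nothing else visible here confirms it), the tracked `conf/.htaccess`, `conf/index.php` and `conf/web.config` will not end up in the link target, so the directory that actually holds the configuration gets none of the new protection. I would document that next to the new patterns, for example `# a symlinked conf is not covered: install .htaccess, index.php and web.config in the link target`.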
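Review bot: The deny rules in this file protect conf/ only on an Apache whose `AllowOverride` admits them; on nginx, or on Apache with `AllowOverride None`, the file is ignored, and the `index.php` fallback from the same commit stops directory listing but not a direct request for a configuration file whose name is known. The commit message states the Apache requirement, but the file itself does not, so I would put it at the top where an operator will read it: `# Needs AllowOverride AuthConfig Limit Indexes (or All); without it files in conf/ stay downloadable by name`. A deployment check that requests one file under conf/ and expects a 403 would catch the silent case. Moving conf outside the document root would remove the dependency on per-directory overrides altogether.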