diff options
| author | Jochen Wiedmann <jochen.wiedmann@gmail.com> | 2015-02-02 17:37:38 +0100 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2015-02-02 17:37:38 +0100 |
| commit | 64250f2a4ef73d8b2686d275dc39aee4d389b0e6 (patch) | |
| tree | 175782cc9d29b6bec36204215cfebd821c13467b | |
| parent | 98fe072336b3cd8a2b6fc64a8a2d0183d8448a92 (diff) | |
| download | bugzilla-64250f2a4ef73d8b2686d275dc39aee4d389b0e6.tar.gz bugzilla-64250f2a4ef73d8b2686d275dc39aee4d389b0e6.tar.xz | |
Bug 1121477: Support for Apache HTTPD 2.4
r=dkl,a=glob
| -rw-r--r-- | .htaccess | 12 | ||||
| -rw-r--r-- | Bugzilla/Install/Filesystem.pm | 99 |
2 files changed, 101 insertions, 10 deletions
@@ -1,6 +1,16 @@ # Don't allow people to retrieve non-cgi executable files or our private data <FilesMatch (\.pm|\.pl|\.tmpl|localconfig.*)$> - deny from all + <IfModule mod_version.c> + <IfVersion <= 2.2> + Deny from all + </IfVersion> + <IfVersion > 2.2> + Require all denied + </IfVersion> + </IfModule> + <IfModule !mod_version.c> + Deny from all + </IfModule> </FilesMatch> Options -Indexes diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 64b651c62..f28d6699b 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -47,7 +47,17 @@ our @EXPORT = qw( use constant HT_DEFAULT_DENY => <<EOT; # nothing in this directory is retrievable unless overridden by an .htaccess # in a subdirectory -deny from all +<IfModule mod_version.c> + <IfVersion <= 2.2> + Deny from all + </IfVersion> + <IfVersion > 2.2> + Require all denied + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + Deny from all +</IfModule> EOT ############### @@ -340,11 +350,31 @@ EOT "$graphsdir/.htaccess" => { perms => WS_SERVE, contents => <<EOT # Allow access to .png and .gif files. <FilesMatch (\\.gif|\\.png)\$> - Allow from all + <IfModule mod_version.c> + <IfVersion <= 2.2> + Allow from all + </IfVersion> + <IfVersion > 2.2> + Require all granted + </IfVersion> + </IfModule> + <IfModule !mod_version.c> + Allow from all + </IfModule> </FilesMatch> # And no directory listings, either. -Deny from all +<IfModule mod_version.c> + <IfVersion <= 2.2> + Deny from all + </IfVersion> + <IfVersion > 2.2> + Require all denied + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + Deny from all +</IfModule> EOT }, @@ -353,28 +383,79 @@ EOT # generated .dot files. Uncomment this section and replace the IP address with # the IP address of your webdot server. #<FilesMatch \\.dot\$> -# Allow from 127.0.0.1/24 -# Deny from all +# <IfModule mod_version.c> +# <IfVersion <= 2.2> +# Allow from 127.0.0.1/24 +# Deny from all +# </IfVersion> +# <IfVersion > 2.2> +# Require ip 127.0.0.1/24 +# Require all denied +# </IfModule> +# <IfModule !mod_version.c> +# Allow from 127.0.0.1/24 +# Deny from all +# </IfModule> #</FilesMatch> # Allow access to .png files created by a local copy of 'dot' <FilesMatch \\.png\$> - Allow from all + <IfModule mod_version.c> + <IfVersion <= 2.2> + Allow from all + </IfVersion> + <IfVersion > 2.2> + Require all granted + </IfVersion> + </IfModule> + <IfModule !mod_version.c> + Allow from all + </IfModule> </FilesMatch> # And no directory listings, either. -Deny from all +<IfModule mod_version.c> + <IfVersion <= 2.2> + Deny from all + </IfVersion> + <IfVersion > 2.2> + Require all denied + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + Deny from all +</IfModule> EOT }, "$assetsdir/.htaccess" => { perms => WS_SERVE, contents => <<EOT # Allow access to .css files <FilesMatch \\.(css|js)\$> - Allow from all + <IfModule mod_version.c> + <IfVersion <= 2.2> + Allow from all + </IfVersion> + <IfVersion > 2.2> + Require all granted + </IfVersion> + </IfModule> + <IfModule !mod_version.c> + Allow from all + </IfModule> </FilesMatch> # And no directory listings, either. -Deny from all +<IfModule mod_version.c> + <IfVersion <= 2.2> + Deny from all + </IfVersion> + <IfVersion > 2.2> + Require all denied + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + Deny from all +</IfModule> EOT }, |