diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-29 00:06:46 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-29 00:06:46 +0200 |
commit | 913f68b91f16bd364d9709c85ac120f061913087 (patch) | |
tree | e5b7aec44dfc532e4c759b8c0d56c90d3771dd86 | |
parent | a3b0a94e697ed4478cde8de2fb22e9545dc41c8e (diff) | |
download | bugzilla-913f68b91f16bd364d9709c85ac120f061913087.tar.gz bugzilla-913f68b91f16bd364d9709c85ac120f061913087.tar.xz |
Bug 785511: Prevent directory browsing, especially in docs/ and extensions/
r=dkl a=LpSolit
-rw-r--r-- | .htaccess | 3 | ||||
-rw-r--r-- | docs/en/xml/installation.xml | 11 |
2 files changed, 9 insertions, 5 deletions
@@ -2,6 +2,9 @@ <FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$> deny from all </FilesMatch> + +Options -Indexes + <IfModule mod_expires.c> <IfModule mod_headers.c> <IfModule mod_env.c> diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index 8c5c29b8e..18de454b9 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1056,19 +1056,20 @@ SetEnv LD_LIBRARY_PATH /u01/app/oracle/product/10.2.0/lib/ <programlisting> <Directory /var/www/html/bugzilla> AddHandler cgi-script .cgi -Options +Indexes +ExecCGI -DirectoryIndex index.cgi -AllowOverride Limit FileInfo Indexes +Options +ExecCGI +DirectoryIndex index.cgi index.html +AllowOverride Limit FileInfo Indexes Options </Directory> </programlisting> <para> These instructions: allow apache to run .cgi files found within the bugzilla directory; instructs the server to look - for a file called <filename>index.cgi</filename> if someone + for a file called <filename>index.cgi</filename> or, if not + found, <filename>index.html</filename> if someone only types the directory name into the browser; and allows Bugzilla's <filename>.htaccess</filename> files to override - global permissions. + some global permissions. </para> <note> |