diff options
-rw-r--r-- | docs/sgml/installation.sgml | 35 | ||||
-rw-r--r-- | docs/xml/installation.xml | 35 |
2 files changed, 50 insertions, 20 deletions
diff --git a/docs/sgml/installation.sgml b/docs/sgml/installation.sgml index f7607d2e3..286706126 100644 --- a/docs/sgml/installation.sgml +++ b/docs/sgml/installation.sgml @@ -1724,11 +1724,14 @@ deny from all <programlisting> ns_register_filter preauth GET /bugzilla/localconfig filter_deny +ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny +ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny ns_register_filter preauth GET /bugzilla/*.pl filter_deny -ns_register_filter preauth GET /bugzilla/localconfig filter_deny ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny - +ns_register_filter preauth GET /bugzilla/data/* filter_deny +ns_register_filter preauth GET /bugzilla/template/* filter_deny + proc filter_deny { why } { ns_log Notice "filter_deny" return "filter_return" @@ -1736,17 +1739,29 @@ proc filter_deny { why } { </programlisting> <warning> - <para>This doesn't appear to account for everything mentioned in - <xref linkend="security"/>. In particular, it doesn't block access - to the <filename class="directory">data</filename> or - <filename class="directory">template</filename> directories. It also - doesn't account for the editor backup files that were the topic of + <para>This probably doesn't account for all possible editor backup + files so you may wish to add some additional variations of + <filename>localconfig</filename>. For more information, see <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=186383">bug - 186383</ulink>, <ulink - url="http://online.securityfocus.com/bid/6501">Bugtraq ID 6501</ulink>, - and a partial cause for the 2.16.2 release. + 186383</ulink> or <ulink + url="http://online.securityfocus.com/bid/6501">Bugtraq ID 6501</ulink>. </para> </warning> + + <note> + <para>If you are using webdot from research.att.com (the default + configuration for the <option>webdotbase</option> paramater), you + will need to allow access to <filename>data/webdot/*.dot</filename> + for the reasearch.att.com machine. + </para> + <para>If you are using a local installation of <ulink + url="http://www.graphviz.org">GraphViz</ulink>, you will need to allow + everybody to access <filename>*.png</filename>, + <filename>*.gif</filename>, <filename>*.jpg</filename>, and + <filename>*.map</filename> in the + <filename class="directory">data/webdot</filename> directory. + </para> + </note> </section> </section> diff --git a/docs/xml/installation.xml b/docs/xml/installation.xml index f7607d2e3..286706126 100644 --- a/docs/xml/installation.xml +++ b/docs/xml/installation.xml @@ -1724,11 +1724,14 @@ deny from all <programlisting> ns_register_filter preauth GET /bugzilla/localconfig filter_deny +ns_register_filter preauth GET /bugzilla/localconfig~ filter_deny +ns_register_filter preauth GET /bugzilla/\#localconfig\# filter_deny ns_register_filter preauth GET /bugzilla/*.pl filter_deny -ns_register_filter preauth GET /bugzilla/localconfig filter_deny ns_register_filter preauth GET /bugzilla/syncshadowdb filter_deny ns_register_filter preauth GET /bugzilla/runtests.sh filter_deny - +ns_register_filter preauth GET /bugzilla/data/* filter_deny +ns_register_filter preauth GET /bugzilla/template/* filter_deny + proc filter_deny { why } { ns_log Notice "filter_deny" return "filter_return" @@ -1736,17 +1739,29 @@ proc filter_deny { why } { </programlisting> <warning> - <para>This doesn't appear to account for everything mentioned in - <xref linkend="security"/>. In particular, it doesn't block access - to the <filename class="directory">data</filename> or - <filename class="directory">template</filename> directories. It also - doesn't account for the editor backup files that were the topic of + <para>This probably doesn't account for all possible editor backup + files so you may wish to add some additional variations of + <filename>localconfig</filename>. For more information, see <ulink url="http://bugzilla.mozilla.org/show_bug.cgi?id=186383">bug - 186383</ulink>, <ulink - url="http://online.securityfocus.com/bid/6501">Bugtraq ID 6501</ulink>, - and a partial cause for the 2.16.2 release. + 186383</ulink> or <ulink + url="http://online.securityfocus.com/bid/6501">Bugtraq ID 6501</ulink>. </para> </warning> + + <note> + <para>If you are using webdot from research.att.com (the default + configuration for the <option>webdotbase</option> paramater), you + will need to allow access to <filename>data/webdot/*.dot</filename> + for the reasearch.att.com machine. + </para> + <para>If you are using a local installation of <ulink + url="http://www.graphviz.org">GraphViz</ulink>, you will need to allow + everybody to access <filename>*.png</filename>, + <filename>*.gif</filename>, <filename>*.jpg</filename>, and + <filename>*.map</filename> in the + <filename class="directory">data/webdot</filename> directory. + </para> + </note> </section> </section> |