diff options
Diffstat (limited to 'docs/html/security.html')
-rw-r--r-- | docs/html/security.html | 149 |
1 files changed, 2 insertions, 147 deletions
diff --git a/docs/html/security.html b/docs/html/security.html index dc4b5b7c4..8d1b047d0 100644 --- a/docs/html/security.html +++ b/docs/html/security.html @@ -446,156 +446,11 @@ CLASS="filename" is provided for those that want to know exactly what is created. </P ><P ->Note the instructions which follow are Apache-specific. If you +>FIX ME BEFORE RELEASE!!!!! + Note the instructions which follow are Apache-specific. If you use IIS, Netscape, or other non-Apache web servers, please consult your system documentation for how to secure these files from being transmitted to curious users.</P -><P -><TT -CLASS="filename" ->$BUGZILLA_HOME/.htaccess</TT -> - <TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" -> # don't allow people to retrieve non-cgi executable files or our private data -<FilesMatch ^(.*\.pl|.*localconfig.*|processmail|runtests.sh)$> - deny from all -</FilesMatch> -<FilesMatch ^(localconfig.js|localconfig.rdf)$> - allow from all -</FilesMatch> - </PRE -></FONT -></TD -></TR -></TABLE -> - </P -><P -><TT -CLASS="filename" ->$BUGZILLA_HOME/data/.htaccess</TT -> - <TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" -> # nothing in this directory is retrievable unless overriden by an .htaccess -# in a subdirectory; the only exception is duplicates.rdf, which is used by -# duplicates.xul and must be loadable over the web -deny from all -<Files duplicates.rdf> - allow from all -</Files> - </PRE -></FONT -></TD -></TR -></TABLE -> - </P -><P -><TT -CLASS="filename" ->$BUGZILLA_HOME/data/webdot</TT -> - <TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" -> # Restrict access to .dot files to the public webdot server at research.att.com -# if research.att.com ever changed their IP, or if you use a different -# webdot server, you'll need to edit this -<FilesMatch ^[0-9]+\.dot$> - Allow from 192.20.225.10 - Deny from all -</FilesMatch> - -# Allow access by a local copy of 'dot' to .png, .gif, .jpg, and -# .map files -<FilesMatch ^[0-9]+\.(png|gif|jpg|map)$> - Allow from all -</FilesMatch> - -# And no directory listings, either. -Deny from all - </PRE -></FONT -></TD -></TR -></TABLE -> - </P -><P -><TT -CLASS="filename" ->$BUGZILLA_HOME/Bugzilla/.htaccess</TT -> - <TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" -> # nothing in this directory is retrievable unless overriden by an .htaccess -# in a subdirectory -deny from all - </PRE -></FONT -></TD -></TR -></TABLE -> - </P -><P -><TT -CLASS="filename" ->$BUGZILLA_HOME/template/.htaccess</TT -> - <TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" -> # nothing in this directory is retrievable unless overriden by an .htaccess -# in a subdirectory -deny from all - </PRE -></FONT -></TD -></TR -></TABLE -> - </P ></LI ></OL > |