From 64250f2a4ef73d8b2686d275dc39aee4d389b0e6 Mon Sep 17 00:00:00 2001 From: Jochen Wiedmann Date: Mon, 2 Feb 2015 16:37:38 +0000 Subject: Bug 1121477: Support for Apache HTTPD 2.4 r=dkl,a=glob --- .htaccess | 12 ++++- Bugzilla/Install/Filesystem.pm | 99 ++++++++++++++++++++++++++++++++++++++---- 2 files changed, 101 insertions(+), 10 deletions(-) diff --git a/.htaccess b/.htaccess index 7ef20d8b6..14325d152 100644 --- a/.htaccess +++ b/.htaccess @@ -1,6 +1,16 @@ # Don't allow people to retrieve non-cgi executable files or our private data - deny from all + + + Deny from all + + 2.2> + Require all denied + + + + Deny from all + Options -Indexes diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index 64b651c62..f28d6699b 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -47,7 +47,17 @@ our @EXPORT = qw( use constant HT_DEFAULT_DENY => < + + Deny from all + + 2.2> + Require all denied + + + + Deny from all + EOT ############### @@ -340,11 +350,31 @@ EOT "$graphsdir/.htaccess" => { perms => WS_SERVE, contents => < - Allow from all + + + Allow from all + + 2.2> + Require all granted + + + + Allow from all + # And no directory listings, either. -Deny from all + + + Deny from all + + 2.2> + Require all denied + + + + Deny from all + EOT }, @@ -353,28 +383,79 @@ EOT # generated .dot files. Uncomment this section and replace the IP address with # the IP address of your webdot server. # -# Allow from 127.0.0.1/24 -# Deny from all +# +# +# Allow from 127.0.0.1/24 +# Deny from all +# +# 2.2> +# Require ip 127.0.0.1/24 +# Require all denied +# +# +# Allow from 127.0.0.1/24 +# Deny from all +# # # Allow access to .png files created by a local copy of 'dot' - Allow from all + + + Allow from all + + 2.2> + Require all granted + + + + Allow from all + # And no directory listings, either. -Deny from all + + + Deny from all + + 2.2> + Require all denied + + + + Deny from all + EOT }, "$assetsdir/.htaccess" => { perms => WS_SERVE, contents => < - Allow from all + + + Allow from all + + 2.2> + Require all granted + + + + Allow from all + # And no directory listings, either. -Deny from all + + + Deny from all + + 2.2> + Require all denied + + + + Deny from all + EOT }, -- cgit v1.2.3-24-g4f1b