From 913f68b91f16bd364d9709c85ac120f061913087 Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 29 Aug 2012 00:06:46 +0200 Subject: Bug 785511: Prevent directory browsing, especially in docs/ and extensions/ r=dkl a=LpSolit --- .htaccess | 3 +++ docs/en/xml/installation.xml | 11 ++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.htaccess b/.htaccess index 4b06fe9a9..27f478afd 100644 --- a/.htaccess +++ b/.htaccess @@ -2,6 +2,9 @@ deny from all + +Options -Indexes + diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index 8c5c29b8e..18de454b9 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1056,19 +1056,20 @@ SetEnv LD_LIBRARY_PATH /u01/app/oracle/product/10.2.0/lib/ <Directory /var/www/html/bugzilla> AddHandler cgi-script .cgi -Options +Indexes +ExecCGI -DirectoryIndex index.cgi -AllowOverride Limit FileInfo Indexes +Options +ExecCGI +DirectoryIndex index.cgi index.html +AllowOverride Limit FileInfo Indexes Options </Directory> These instructions: allow apache to run .cgi files found within the bugzilla directory; instructs the server to look - for a file called index.cgi if someone + for a file called index.cgi or, if not + found, index.html if someone only types the directory name into the browser; and allows Bugzilla's .htaccess files to override - global permissions. + some global permissions. -- cgit v1.2.3-24-g4f1b