return 404 instead of 403 for accessing PHP in blacklisted folders and remove duplicate SCRIPT_FILENAME

Ralf Becker 2020-01-15 21:50:25 +01:00
parent c88bf3c4a0
commit 97e332e809
3 changed files with 6 additions and 5 deletions


@ -34,7 +34,7 @@ server {
location ~ ^/egroupware(/(?U).+\.php) { location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only # do not allow to call files ment to be included only
#location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ { #location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
# return 403; # return 404;
#} #}
alias /var/www/egroupware; alias /var/www/egroupware;
fastcgi_pass fpm; fastcgi_pass fpm;
@ -42,7 +42,6 @@ server {
fastcgi_read_timeout 60m; fastcgi_read_timeout 60m;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx # standard Nginx
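Review bot: The 403-to-404 change in this first file is made inside a block that is still commented out (`#location … {`, `# return 404;`, `#}`), so it has no runtime effect here: requests for PHP files under `vendor/` and `*/src|setup|inc/` are still handed to FPM by this configuration, while the other two files enforce the blacklist. If the block is meant to be active in this deployment too, the three leading `#` should be dropped as in the second file; if it is deliberately disabled, a comment such as `# blacklist intentionally disabled in this config — see <other nginx config>` would tell the reader so. Note also that the regex uses `$path` while the surrounding `location` and `alias` use a literal `/egroupware`; whether `$path` is `set` earlier in this file is not visible in the hunk, and an undefined variable would fail the config test once the block is uncommented. Both the enclosing `location` and the `server` block start outside the hunk.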


@ -43,7 +43,7 @@ server {
location ~ ^/egroupware(/(?U).+\.php) { location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only # do not allow to call files ment to be included only
location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ { location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
return 403; return 404;
} }
alias /usr/share/egroupware; alias /usr/share/egroupware;
fastcgi_pass fpm; fastcgi_pass fpm;
@ -51,7 +51,6 @@ server {
fastcgi_read_timeout 60m; fastcgi_read_timeout 60m;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx # standard Nginx
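Review bot: After the removal of `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` the hunk no longer shows any line telling FPM which script to execute; the commit message calls it a duplicate, so the remaining definition presumably comes from the include after `# standard Nginx`, which is outside the hunk, and it is worth confirming with `nginx -T` that SCRIPT_FILENAME is still set for this location, since otherwise FPM answers "Primary script unknown". Because this location uses `alias`, a surviving `$document_root$fastcgi_script_name` would most likely resolve to `/usr/share/egroupware/egroupware/…` rather than the aliased file; `fastcgi_param SCRIPT_FILENAME $request_filename;` is the form that honours `alias`, and a short comment on whichever line keeps the definition, e.g. `# SCRIPT_FILENAME comes from the include below; must use $request_filename because of alias`, would prevent the next reader from re-adding the line. The same removal is made in the first and third file. The enclosing `location` and `server` block start outside the hunk.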


@ -40,13 +40,16 @@ server {
alias /usr/share/egroupware/; alias /usr/share/egroupware/;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
location ~ ^/egroupware(/(?U).+\.php) { location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only
location ~ ^/egroupware/(vendor|[^/]+/(src|setup|inc))/ {
return 404;
}
alias /usr/share/egroupware; alias /usr/share/egroupware;
fastcgi_pass unix:/run/php/php7.0-fpm.sock; fastcgi_pass unix:/run/php/php7.0-fpm.sock;
# added to support WebDAV/CalDAV/CardDAV # added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m; fastcgi_read_timeout 60m;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$; fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx # standard Nginx
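Review bot: The comment introduced with the new deny block reads `ment` for `meant`, and since it is the only place a reader learns why `vendor/`, `*/src/`, `*/setup/` and `*/inc/` are blocked, I would make it `# do not allow calling PHP files that are only meant to be included; 404 so their existence is not confirmed`. The same wording appears in the other two files. The blacklist is an allow-by-default list of directory names, so any other PHP file reachable under the alias still reaches FPM; keeping the FPM-side guards (`security.limit_extensions`, `cgi.fix_pathinfo=0`) in place as the second layer is worth a note, though that configuration is not visible here. The enclosing `location` and `server` block start outside the hunk.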