holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

return 404 instead of 403 for accessing PHP in blacklisted folders and remove doublicate SCRIPT_FILENAME

Browse Source
This commit is contained in:
Ralf Becker 2020-01-15 21:50:25 +01:00
parent 6d618ffaea
commit 1fa9ca202c
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/docker/nginx.conf
View File

@ -43,7 +43,7 @@ server {
location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only
location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
return 403;
return 404;
}
alias /usr/share/egroupware;
fastcgi_pass fpm;
@ -51,7 +51,6 @@ server {
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx

5
doc/rpm-build/nginx.conf
View File

@ -40,13 +40,16 @@ server {
alias /usr/share/egroupware/;
try_files $uri $uri/ =404;
location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only
location ~ ^/egroupware/(vendor|[^/]+/(src|setup|inc))/ {
return 404;
}
alias /usr/share/egroupware;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
# added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx