holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

disallow access to vendor directory of apps

Browse Source
This commit is contained in:
Ralf Becker 2020-06-05 11:46:50 +02:00
parent a6a27b8bcf
commit 7079b30316
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/docker/nginx.conf
View File

@ -42,7 +42,7 @@ server {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
location ~ ^/egroupware(/(?U).+\.php) { location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only # do not allow to call files ment to be included only
location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ { location ~ ^$path/(vendor|[^/]+/(src|setup|inc|vendor))/ {
return 404; return 404;
} }
alias /usr/share/egroupware; alias /usr/share/egroupware;

2
doc/rpm-build/nginx.conf
View File

@ -41,7 +41,7 @@ server {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
location ~ ^/egroupware(/(?U).+\.php) { location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only # do not allow to call files ment to be included only
location ~ ^/egroupware/(vendor|[^/]+/(src|setup|inc))/ { location ~ ^/egroupware/(vendor|[^/]+/(src|setup|inc|vendor))/ {
return 404; return 404;
} }
alias /usr/share/egroupware; alias /usr/share/egroupware;