authorArthurHoaro <arthur@hoa.ro>2020-11-08 13:13:13 +0100
committerArthurHoaro <arthur@hoa.ro>2020-11-08 13:13:13 +0100
commit8a9796014ce6c842095a9d031c8cbf40da761e0f (patch)
tree43542f3bcdd7effd4676c601349c655b82229ddc /doc/md/Server-configuration.md
parent8c5f6c786d00310b2e863aa316927effb7bfeedb (diff)
Reviewed Apache configuration
(in documentation) For security purposes, block access to any static file not matching the list of allowed extensions. It allows us to remove the specific restriction on dotfiles, and fixes the Apache part of #1608.
Diffstat (limited to 'doc/md/Server-configuration.md')
-rw-r--r--doc/md/Server-configuration.md19
1 files changed, 12 insertions, 7 deletions
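--- a/doc/md/Server-configuration.md
+++ b/doc/md/Server-configuration.md
@@ -193,19 +193,24 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
 Require all granted
 </Directory>
 
-<LocationMatch "/\.">
-# Prevent accessing dotfiles
-RedirectMatch 404 ".*"
-</LocationMatch>
+# BE CAREFUL: directives order matter!
 
-<LocationMatch "\.(?:ico|css|js|gif|jpe?g|png)$">
+<FilesMatch ".*\.(?!(ico|css|js|gif|jpe?g|png|ttf|oet|woff2?)$)[^\.]*$">
+Require all denied
+</FilesMatch>
+
+<Files "index.php">
+Require all granted
+</Files>
+
+<FilesMatch "\.(?:ico|css|js|gif|jpe?g|png|ttf|oet|woff2)$">
 # allow client-side caching of static files
 Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate"
-</LocationMatch>
+</FilesMatch>
+
 
 # serve the Shaarli favicon from its custom location
 Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico
-
 </VirtualHost>
 ```
 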
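Review bot: The new deny rule `<FilesMatch ".*\.(?!(…)$)[^\.]*$">` only matches names that contain a dot, and `FilesMatch` tests the file's base name rather than the URL path, so extensionless files inside dot-directories (a `.git/` checkout in the web root, for instance) appear to be no longer covered once the `<LocationMatch "/\.">` block is removed. With `Require all granted` on the enclosing `<Directory>`, I would keep a path-based rule next to the extension allow-list, for example `<LocationMatch "/\.">` containing `Require all denied`, and note in the text that extensionless files are not matched by the allow-list. Separately, `oet` in both patterns looks like a typo for `eot`, and the deny pattern allows `woff2?` while the caching block lists only `woff2`, so `.woff` files are served but get no `Cache-Control` header. The `<VirtualHost>` block starts outside this hunk, so earlier directives may change how these rules merge.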