From 8a9796014ce6c842095a9d031c8cbf40da761e0f Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sun, 8 Nov 2020 13:13:13 +0100
Subject: Reviewed Apache configuration (in documentation)
For security purpose, block access to any static file not matching the list of allowed extensions. It allows us to remove the specific retriction on dotfiles, and fix Apache part of #1608.
---
.htaccess | 2 +-
doc/md/Server-configuration.md | 19 ++++++++++++-------
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/.htaccess b/.htaccess
index 25fcfb03..9d1522df 100644
--- a/.htaccess
+++ b/.htaccess
@@ -13,7 +13,7 @@ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
 # Alternative (if the 2 lines above don't work)
 # SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
-# REST API
+# Slim URL Redirection
 # Ionos Hosting needs RewriteBase /
 # RewriteBase /
 RewriteCond %{REQUEST_FILENAME} !-f
diff --git a/doc/md/Server-configuration.md b/doc/md/Server-configuration.md
index 4e74d80b..66db8c57 100644
--- a/doc/md/Server-configuration.md
+++ b/doc/md/Server-configuration.md
@@ -193,19 +193,24 @@ sudo nano /etc/apache2/sites-available/shaarli.mydomain.org.conf
 Require all granted - - # Prevent accessing dotfiles - RedirectMatch 404 ".*" - + # BE CAREFUL: directives order matter! - + + Require all denied + + + + Require all granted + + + # allow client-side caching of static files Header set Cache-Control "max-age=2628000, public, must-revalidate, proxy-revalidate" - + + # serve the Shaarli favicon from its custom location Alias favicon.ico /var/www/shaarli.mydomain.org/images/favicon.ico - ```
-- cgit v1.2.3
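Review bot: The new Apache block in doc/md/Server-configuration.md replaces the dotfile `RedirectMatch 404` with a `Require all denied` section followed by a single `Require all granted` section, but the section markers and the allow pattern are stripped in this rendering, and the text never states that Shaarli's entry point (index.php, which the `RewriteCond %{REQUEST_FILENAME} !-f` rule in the other hunk presumably routes to) must be covered by the grant, or the deny-all refuses the application itself. The response for blocked dotfiles also changes from the removed directive's 404 to a 403, which readers upgrading an existing configuration will notice and which deserves one sentence. I would expand the comment above the deny section to `# BE CAREFUL: directives order matter! Apache applies <Files>/<FilesMatch> sections in configuration order, so the deny-all section must come before the allow-list, and the allow-list must cover index.php as well as the static-asset extensions.` The enclosing VirtualHost listing starts before and ends after this hunk.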