0ct0pu5/webmum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Protect the codebase by denying direct access and executing of php scripts in /include/php

Browse source
This commit is contained in:
ohartl 2016-02-18 18:04:29 +01:00
parent 6bd36d6623
commit da0fb4738f
2 changed files with 19 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
README.md
View file

@ -36,7 +36,13 @@ server {
}
location /webmum {
try_files $uri $uri/ /webmum/index.php?$args;
try_files $uri $uri/ /webmum/index.php?$args;
}
# protect the codebase by denying direct access
location ^~ /webmum/include/php {
deny all;
return 403;
}
}
```
@ -59,7 +65,13 @@ server {
}
location / {
try_files $uri $uri/ /index.php?$args;
try_files $uri $uri/ /index.php?$args;
}
# protect the codebase by denying direct access
location ^~ /include/php {
deny all;
return 403;
}
}
```
@ -104,6 +116,10 @@ Without subdirectory in URL (e.g. `http://webmum.mydomain.tld/`):
</VirtualHost>
```
Access to the codebase is denied with a `.htaccess` file under ^/include/php^.
## WebMUM Configuration
Configure WebMUM via the configuration file at `config/config.inc.php`.

1
include/php/.htaccess Normal file
View file

@ -0,0 +1 @@
Deny from all