diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2019-12-19 11:26:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-12-19 11:26:12 +0100 |
| commit | 5d9fd7ba0cced84f1d07627b0860ac5490de164d (patch) | |
| tree | 533760297f9cdfca951c13b67ef5bf3f5250a78d | |
| parent | 79b9be7ebfdbae41022416fd2645f2e9d597c8c1 (diff) | |
| parent | 4384806f616cf7b9f6a4492ba2fd094afd064f86 (diff) | |
| download | nextcloud-server-5d9fd7ba0cced84f1d07627b0860ac5490de164d.tar.gz nextcloud-server-5d9fd7ba0cced84f1d07627b0860ac5490de164d.zip | |
Merge pull request #16792 from MichaIng/patch-1
Harden data and config protection .htaccess
| -rw-r--r-- | config/.htaccess | 35 | ||||
| -rw-r--r-- | lib/private/Setup.php | 36 |
2 files changed, 46 insertions, 25 deletions
diff --git a/config/.htaccess b/config/.htaccess index 853aed187d3..13ca28758cf 100644 --- a/config/.htaccess +++ b/config/.htaccess @@ -1,14 +1,25 @@ -# line below if for Apache 2.4 -<ifModule mod_authz_core.c> -Require all denied -</ifModule> +# Section for Apache 2.4 to 2.6 +<IfModule mod_authz_core.c> + Require all denied +</IfModule> +<IfModule mod_access_compat.c> + Order Allow,Deny + Deny from all + Satisfy All +</IfModule> -# line below if for Apache 2.2 -<ifModule !mod_authz_core.c> -deny from all -</ifModule> +# Section for Apache 2.2 +<IfModule !mod_authz_core.c> + <IfModule !mod_access_compat.c> + <IfModule mod_authz_host.c> + Order Allow,Deny + Deny from all + </IfModule> + Satisfy All + </IfModule> +</IfModule> -# section for Apache 2.2 and 2.4 -<ifModule mod_autoindex.c> -IndexIgnore * -</ifModule> +# Section for Apache 2.2 to 2.6 +<IfModule mod_autoindex.c> + IndexIgnore * +</IfModule> diff --git a/lib/private/Setup.php b/lib/private/Setup.php index beaac2118ec..171c91890ee 100644 --- a/lib/private/Setup.php +++ b/lib/private/Setup.php @@ -556,19 +556,29 @@ class Setup { //Require all denied $now = date('Y-m-d H:i:s'); $content = "# Generated by Nextcloud on $now\n"; - $content .= "# line below if for Apache 2.4\n"; - $content .= "<ifModule mod_authz_core.c>\n"; - $content .= "Require all denied\n"; - $content .= "</ifModule>\n\n"; - $content .= "# line below if for Apache 2.2\n"; - $content .= "<ifModule !mod_authz_core.c>\n"; - $content .= "deny from all\n"; - $content .= "Satisfy All\n"; - $content .= "</ifModule>\n\n"; - $content .= "# section for Apache 2.2 and 2.4\n"; - $content .= "<ifModule mod_autoindex.c>\n"; - $content .= "IndexIgnore *\n"; - $content .= "</ifModule>\n"; + $content .= "# Section for Apache 2.4 to 2.6\n"; + $content .= "<IfModule mod_authz_core.c>\n"; + $content .= " Require all denied\n"; + $content .= "</IfModule>\n"; + $content .= "<IfModule mod_access_compat.c>\n"; + $content .= " Order Allow,Deny\n"; + $content .= " Deny from all\n"; + $content .= " Satisfy All\n"; + $content .= "</IfModule>\n\n"; + $content .= "# Section for Apache 2.2\n"; + $content .= "<IfModule !mod_authz_core.c>\n"; + $content .= " <IfModule !mod_access_compat.c>\n"; + $content .= " <IfModule mod_authz_host.c>\n"; + $content .= " Order Allow,Deny\n"; + $content .= " Deny from all\n"; + $content .= " <IifModule>\n"; + $content .= " Satisfy All\n"; + $content .= " </IfModule>\n"; + $content .= "</IfModule>\n\n"; + $content .= "# Section for Apache 2.2 to 2.6\n"; + $content .= "<IfModule mod_autoindex.c>\n"; + $content .= " IndexIgnore *\n"; + $content .= "</IfModule>"; $baseDir = \OC::$server->getConfig()->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data'); file_put_contents($baseDir . '/.htaccess', $content); |