[WIP] Web Server Config URL Rewrite Rules White List (#1458)

* Escaped literal periods in web server config files rewrite rules.

* Blacklisted the "yml" file extension in the web server configs' rewrite rules.
Scott Hamper
2017-05-06 13:09:31 -04:00
committed by Andy Miller
parent 04243f7dd3
commit fc5c3023c6
7 changed files with 28 additions and 28 deletions


@@ -27,13 +27,13 @@ url.rewrite-if-not-file = (
)
#IMPROVING SECURITY
$HTTP["url"] =~ "^/grav_path/(LICENSE.txt|composer.json|composer.lock|nginx.conf|web.config)$" {
$HTTP["url"] =~ "^/grav_path/(LICENSE\.txt|composer\.json|composer\.lock|nginx\.conf|web\.config)$" {
url.access-deny = ("")
}
$HTTP["url"] =~ "^/grav_path/(.git|cache|bin|logs|backup|tests)/(.*)" {
$HTTP["url"] =~ "^/grav_path/(\.git|cache|bin|logs|backup|tests)/(.*)" {
url.access-deny = ("")
}
$HTTP["url"] =~ "^/grav_path/(system|user|vendor)/(.*)\.(txt|md|html|yaml|php|twig|sh|bat)$" {
$HTTP["url"] =~ "^/grav_path/(system|user|vendor)/(.*)\.(txt|md|html|yaml|yml|php|twig|sh|bat)$" {
url.access-deny = ("")
}
$HTTP["url"] =~ "^/grav_path/(\.(.*))" {