Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reviewed Apache configuration #1630

Merged
merged 1 commit into from
Nov 10, 2020
Merged

Reviewed Apache configuration #1630

merged 1 commit into from
Nov 10, 2020

Conversation

ArthurHoaro
Copy link
Member

(in documentation)

For security purpose, block access to any static file not matching the list of allowed extensions.
It allows us to remove the specific restriction on dotfiles, and fix Apache part of #1608.

Tested with AWS build of HTTPD: Apache/2.4.46.

I'm not super confident in my Apache config skills, so if you have some time to test it @nodiscc, @kcaran, or anyone running an Apache instance, it would be greatly appreciated:

  • every assets should load properly, including custom data/user.css
  • other static files such as README.md, yarn.lock, data/log.txt, etc. should not be accessible.
  • searching for private tags (starting with a dot) should work properly.

@ArthurHoaro
Reviewed Apache configuration
8a97960 
(in documentation)

For security purpose, block access to any static file not matching the list of allowed extensions.
It allows us to remove the specific retriction on dotfiles, and fix Apache part of shaarli#1608.
@ArthurHoaro ArthurHoaro added this to the 0.12.1 milestone Nov 8, 2020
@ArthurHoaro ArthurHoaro self-assigned this Nov 8, 2020
@kcaran
Copy link

kcaran commented Nov 9, 2020

I updated my instance with the new configuration. Everything looks good!

@ArthurHoaro
Copy link
Member Author

Thanks!

@ArthurHoaro ArthurHoaro merged commit 7e78237 into shaarli:master Nov 10, 2020
@ArthurHoaro ArthurHoaro deleted the fix/apache-config branch November 10, 2020 09:45
@ArthurHoaro ArthurHoaro mentioned this pull request Nov 10, 2020
Closed
nodiscc added a commit to nodiscc/xsrv that referenced this pull request Nov 11, 2020
@nodiscc
shaarli: update apache configuration as per shaarli/Shaarli#1630
cc66425
nodiscc added a commit to nodiscc/xsrv that referenced this pull request Nov 12, 2020
@nodiscc
shaarli: update apache configuration as per shaarli/Shaarli#1630
e3c2115
nodiscc added a commit to nodiscc/xsrv that referenced this pull request Nov 15, 2020
@nodiscc
shaarli: update apache configuration as per shaarli/Shaarli#1630
838d4e7
nodiscc added a commit to nodiscc/xsrv that referenced this pull request Nov 15, 2020
@nodiscc
shaarli: update apache configuration as per shaarli/Shaarli#1630
0be3a2e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ArthurHoaro ArthurHoaro

Labels
documentation in review please test server
Projects
None yet
Milestone
0.12.1
Development

Successfully merging this pull request may close these issues.
2 participants
@ArthurHoaro @kcaran