From 3a47b2050e8a714999644ee3a0680e777a43415b Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Tue, 13 Oct 2020 20:18:44 +0200
Subject: [PATCH] fix awstats/webalizer directory protection when using nginx;
 fixes #888

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 lib/Froxlor/Cron/Http/Nginx.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/Froxlor/Cron/Http/Nginx.php b/lib/Froxlor/Cron/Http/Nginx.php
index 977b1341..f11f9614 100644
--- a/lib/Froxlor/Cron/Http/Nginx.php
+++ b/lib/Froxlor/Cron/Http/Nginx.php
@@ -902,7 +902,6 @@ class Nginx extends HttpConfigBase
 			FROM `" . TABLE_PANEL_HTPASSWDS . "` AS a
 			JOIN `" . TABLE_PANEL_DOMAINS . "` AS b USING (`customerid`)
 			WHERE b.customerid = :customerid AND b.domain = :domain
-			AND path LIKE CONCAT(b.documentroot, '%')
 		");
 		Database::pexecute($result_stmt, array(
 			'customerid' => $domain['customerid'],
@@ -1042,10 +1041,10 @@ class Nginx extends HttpConfigBase
 
 		if (Settings::Get('system.awstats_enabled') == '1') {
 			// awstats
-			$stats_text .= "\t" . 'location /awstats {' . "\n";
+			$stats_text .= "\t" . 'location ^~ /awstats {' . "\n";
 		} else {
 			// webalizer
-			$stats_text .= "\t" . 'location /webalizer {' . "\n";
+			$stats_text .= "\t" . 'location ^~ /webalizer {' . "\n";
 		}
 
 		$stats_text .= "\t\t" . 'alias ' . $alias_dir . ';' . "\n";