block access to more folders to enhance security

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2022-08-26 14:14:00 +02:00
parent 546040541c
commit f47d203215
3 changed files with 22 additions and 7 deletions


@@ -156,8 +156,13 @@ class Apache extends HttpConfigBase
}
if (!$is_redirect) {
if (Settings::Get('system.froxlordirectlyviahostname')) {
$relpath = "/";
} else {
$relpath = "/".basename(Froxlor::getInstallDir());
}
// protect lib/userdata.inc.php
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . rtrim(Froxlor::getInstallDir(), "/") . '/lib/">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . rtrim($relpath, "/") . '/lib/">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <Files "userdata.inc.php">' . "\n";
if (Settings::Get('system.apache24') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' Require all denied' . "\n";
@@ -168,14 +173,14 @@ class Apache extends HttpConfigBase
$this->virtualhosts_data[$vhosts_filename] .= ' </Files>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
// protect bin/
$this->virtualhosts_data[$vhosts_filename] .= ' <Directory "' . rtrim(Froxlor::getInstallDir(), "/") . '/bin/">' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' <DirectoryMatch ~ "' . rtrim($relpath, "/") . '/(bin|cache|logs|node_modules|tests|vendor)/">' . "\n";
if (Settings::Get('system.apache24') == '1') {
$this->virtualhosts_data[$vhosts_filename] .= ' Require all denied' . "\n";
} else {
$this->virtualhosts_data[$vhosts_filename] .= ' Order deny,allow' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' deny from all' . "\n";
}
$this->virtualhosts_data[$vhosts_filename] .= ' </Directory>' . "\n";
$this->virtualhosts_data[$vhosts_filename] .= ' </DirectoryMatch>' . "\n";
// create fcgid <Directory>-Part (starter is created in apache_fcgid)
if (Settings::Get('system.mod_fcgid_ownvhost') == '1' && Settings::Get('system.mod_fcgid') == '1') {
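Review bot: The `$relpath` variant of the `<Directory "…/lib/">` line gives Apache a URL prefix where `<Directory>` expects a filesystem path, so it emits `<Directory "/lib/">` when `$relpath` is `/` and `<Directory "/<basename>/lib/">` otherwise; neither is the install directory, so the `userdata.inc.php` deny would not reach the real file. The `<DirectoryMatch>` line still takes effect only because its regex is unanchored and happens to match inside the full path, and in the `/` case it matches any `/bin/`, `/cache/`, `/logs/` … directory served by this vhost. I would keep the filesystem base for both, e.g. `'<Directory "' . rtrim(Froxlor::getInstallDir(), "/") . '/lib/">'` and `'<DirectoryMatch "^' . preg_quote(rtrim(Froxlor::getInstallDir(), "/")) . '/(bin|cache|logs|node_modules|tests|vendor)/">'`. The enclosing method starts and ends outside the hunks shown.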


@@ -121,12 +121,17 @@ class Lighttpd extends HttpConfigBase
}
if (!$is_redirect) {
if (Settings::Get('system.froxlordirectlyviahostname')) {
$relpath = "/";
} else {
$relpath = "/".basename(Froxlor::getInstallDir());
}
// protect lib/userdata.inc.php
$this->lighttpd_data[$vhost_filename] .= ' $HTTP["host"] =~ "' . rtrim(Froxlor::getInstallDir(), "/") . '/lib" {' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' $HTTP["url"] =~ "' . rtrim($relpath, "/") . '/lib" {' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' url.access-deny = ("userdata.inc.php")' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' }' . "\n";
// protect bin/
$this->lighttpd_data[$vhost_filename] .= ' $HTTP["host"] =~ "' . rtrim(Froxlor::getInstallDir(), "/") . '/bin" {' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' $HTTP["url"] =~ "^' . rtrim($relpath, "/") . '/(bin|cache|logs|node_modules|tests|vendor)" {' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' url.access-deny = ("")' . "\n";
$this->lighttpd_data[$vhost_filename] .= ' }' . "\n";
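Review bot: The two `$HTTP["url"]` patterns are looser than the folders they are meant to cover: the `lib` pattern has no `^` anchor, and the folder pattern has no trailing boundary, so `^/(bin|cache|logs|…)` also matches unrelated URLs such as `/logs.php` and, when `$relpath` is `/`, any top-level path that merely starts with one of those words. Anchoring both ends keeps the deny rule on the directories only, e.g. `'$HTTP["url"] =~ "^' . rtrim($relpath, "/") . '/(bin|cache|logs|node_modules|tests|vendor)(/|$)" {'`, and `"^' . rtrim($relpath, "/") . '/lib/"` for the first block. The basename also goes into the regex unescaped, so a dot or plus in the install folder name changes what matches; running `$relpath` through `preg_quote()` would cover that. The enclosing method continues outside this hunk.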


@@ -214,13 +214,18 @@ class Nginx extends HttpConfigBase
$this->nginx_data[$vhost_filename] .= "\t" . 'location / {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
if (Settings::Get('system.froxlordirectlyviahostname')) {
$relpath = "/";
} else {
$relpath = "/".basename(Froxlor::getInstallDir());
}
// protect lib/userdata.inc.php
$this->nginx_data[$vhost_filename] .= "\t" . 'location = ' . rtrim(Froxlor::getInstallDir(), "/") . '/lib/userdata.inc.php {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'location = ' . rtrim($relpath, "/") . '/lib/userdata.inc.php {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . ' deny all;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
// protect bin/
$this->nginx_data[$vhost_filename] .= "\t" . 'location = ' . rtrim(Froxlor::getInstallDir(), "/") . '/bin {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . 'location ~ ' . rtrim($relpath, "/") . '/(bin|cache|logs|node_modules|tests|vendor) {' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . ' deny all;' . "\n";
$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
}
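Review bot: The new `location ~` regex is unanchored and has no trailing boundary, so with `$relpath` of `/` it denies any request whose path contains `/bin`, `/cache`, `/logs`, `/tests` or `/vendor` at any depth, and it also matches longer names that merely begin with those words. More important for the protection itself: nginx uses the first regex location that matches in file order, so if a `location ~ \.php` block is emitted before this one (not visible in the hunk), PHP files under `vendor/` or `tests/` would still be handed to the PHP handler. I would anchor it as `'location ~ ^' . rtrim($relpath, "/") . '/(bin|cache|logs|node_modules|tests|vendor)(/|$) {'` and add a comment above it such as `// must precede any regex location for \.php: nginx takes the first regex match`. The method body starts and ends outside the hunk.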