Commit Graph

21 Commits

Author SHA1 Message Date
Johannes Feichtner
a641dfbfc8 Security-critical fix: Nginx directory protection did not prevent access to PHP scripts

Although the implemented directory protection posed a prompt when
accessing http://...com/protectedir/,
it was still possible to call http://...com/protectedir/script.php

This vulnerability emerges from the precedence order of "location"
statements. The RegEx matching the PHP script is triggered before the
directory protection is evaluated. As a result, the PHP script is
interpreted and path parsing stops due to the circumflex (see
http://nginx.org/en/docs/http/ngx_http_core_module.html#location).

The fix involves adding a PHP parsing snippet to every protected
block. In order to avoid repeating the PHP-related config params, the
required section is referenced using a prefix.
2016-02-20 19:25:49 +01:00
Roman Schmerold (BNoiZe)
f61567be81 Changed the way php-fpm is included, fixes #1427
Signed-off-by: Roman Schmerold (BNoiZe) <bnoize@froxlor.org>
2015-01-13 20:37:57 +01:00
Roman Schmerold
539ec529c2 Removing evil if from nginx vhosts
Signed-off-by: Roman Schmerold <bnoize@froxlor.org>
2014-10-11 07:58:01 +02:00
Stricted
31f3639c15 fix path_info on nginx cronjob
2014-09-08 18:37:14 +02:00
Roman Schmerold (BNoiZe)
121669ee69 migrating more files to new Settings-class makes me dance, refs #1325
Signed-off-by: Roman Schmerold (BNoiZe) <bnoize@froxlor.org>
2013-12-15 15:51:25 +01:00
Michael Kaufmann (d00p)
558108008a more implementing of new Settings class, refs #1325
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-12-15 12:40:24 +01:00
Michael Kaufmann (d00p)
4426ab52d3 migrate ALL the crons to new PDO database class, refs #1287
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-11-28 12:35:20 +01:00
Michael Kaufmann (d00p)
849da2a423 migrate phpinterface-classes to PDO database class, refs #1287
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-11-06 09:11:26 +01:00
Michael Kaufmann (d00p)
9d5851e9be deny possible direct call of cronjobs
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-10-27 06:18:09 +01:00
Michael Kaufmann (d00p)
b7a4b69ee0 enhance php-fpm configuration options to use custom-ini-settings, refs #587
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-07-05 10:54:52 +02:00
Michael Kaufmann (d00p)
74c5d0718c remove php's safe_mode as it is deprecated since php-5.3 and removed since php-5.4
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-03-15 09:34:41 +01:00
Michael Kaufmann (d00p)
747b01d141 make path to nginx's fastcgi_params customizable, fixes #1153
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-03-05 09:03:38 +01:00
Florian Aders (EleRas)
a177c0558e Fixing vuln. in php + nginx - config, thx altmir for reporting, fixes #980
Signed-off-by: Florian Aders (EleRas) <eleras@froxlor.org>
2011-11-19 11:39:40 +01:00
Andreas Burchert (scarya)
57693f804f Fixed duplicates for nginx, fixes #930
Thanks to epek

Signed-off-by: Andreas Burchert (scarya) <scarya@froxlor.org>
2011-10-18 13:27:52 +02:00
Andreas Burchert (scarya)
369df7af62 Fixes wrong location declaration for nginx, fixes #749
Thanks to altmir
2011-09-19 11:21:11 +02:00
Andreas Burchert (scarya)
51a83d8b09 Removed @version in file header. This isn't used by git.
2011-05-04 11:59:20 +02:00
Michael Kaufmann (d00p)
b325e50da1 add 'fastcgi_param HTTPS on' for nginx generally if ssl is enabled, refs #610
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2011-02-25 09:13:42 +01:00
Michael Kaufmann (d00p)
ff4b03f4fa - add 'fastcgi_param HTTPS on' for nginx+fpm if domain uses SSL, fixes #610
2011-02-25 07:58:13 +01:00
Michael Kaufmann (d00p)
7fb0e88313 - implement php-fpm for Froxlor-vhost, fixes #505
2010-12-06 07:38:55 +00:00
Michael Kaufmann (d00p)
0271ccfc28 - outsource fcgid/php-fpm configurations/file-creations/etc
2010-12-03 09:23:40 +00:00
Michael Kaufmann (d00p)
01b313a3ce merged php-fpm branch
2010-12-02 12:15:58 +00:00