[packages/stikked] more complete list of dirs to hide from web

glen glen at pld-linux.org
Sat Mar 15 20:03:57 CET 2014 

commit 0537374f69d8a18c1289b6e076812500731bd16d
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sat Mar 15 21:03:40 2014 +0200

    more complete list of dirs to hide from web

 apache.conf   |  2 +-
 lighttpd.conf |  2 +-
 stikked.spec  | 19 ++++++++++++++++---
 3 files changed, 18 insertions(+), 5 deletions(-)
---
diff --git a/stikked.spec b/stikked.spec
index e5aa7b5..c20b244 100644
--- a/stikked.spec
+++ b/stikked.spec
@@ -1,7 +1,7 @@
 Summary:	Stikked is an Open-Source PHP Pastebin
 Name:		stikked
 Version:	0.8.6
-Release:	0.7
+Release:	0.9
 License:	CC0
 Group:		Applications/WWW
 Source0:	https://github.com/claudehohl/Stikked/archive/%{version}/%{name}-%{version}.tar.gz
@@ -34,9 +34,22 @@ simple and easy to use user interface.
 %setup -q -n Stikked-%{version}
 %undos -f php
 
+# access restricted by webserver config
+rm htdocs/application/config/index.html
+rm htdocs/application/cache/index.html
+rm htdocs/application/controllers/index.html
+rm htdocs/application/core/index.html
+rm htdocs/application/errors/index.html
+rm htdocs/application/helpers/index.html
+rm htdocs/application/hooks/index.html
+rm htdocs/application/index.html
+rm htdocs/application/libraries/index.html
+rm htdocs/application/logs/index.html
+rm htdocs/application/models/index.html
+rm htdocs/application/third_party/index.html
+
 # this is to simplify install
 mv htdocs/application/config .
-rm config/index.html
 mv config/stikked.php{.dist,}
 
 %patch0 -p1
@@ -46,7 +59,7 @@ rm -rf $RPM_BUILD_ROOT
 install -d $RPM_BUILD_ROOT{%{_sysconfdir},%{_appdir}}
 
 cp -a htdocs/* $RPM_BUILD_ROOT%{_appdir}
-cp -a config/*  $RPM_BUILD_ROOT%{_sysconfdir}
+cp -a config/* $RPM_BUILD_ROOT%{_sysconfdir}
 ln -s %{_sysconfdir} $RPM_BUILD_ROOT%{_appdir}/application/config
 
 cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
diff --git a/apache.conf b/apache.conf
index d929a11..e9d4480 100644
--- a/apache.conf
+++ b/apache.conf
@@ -42,7 +42,7 @@ Alias /stikked /usr/share/stikked
 	</IfModule>
 </Directory>
 
-<Directory /usr/share/stikked/application/config>
+<Directory ~ "/usr/share/stikked/application/(config|cache|controllers|core|errors|helpers|hooks|libraries|logs|models|third_party)">
     # Apache 2.x
     <IfModule !mod_authz_core.c>
         Order deny,allow
diff --git a/lighttpd.conf b/lighttpd.conf
index 5079809..8a31163 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -11,6 +11,6 @@ url.rewrite-once += (
 	"^" + var.stikked_url + "/(.*)$" => var.stikked_url + "/index.php$2",
 )
 
-$HTTP["url"] =~ "^" + var.stikked_url + "/config/" {
+$HTTP["url"] =~ "^" + var.stikked_url + "/(config|cache|controllers|core|errors|helpers|hooks|libraries|logs|models|third_party)" {
     url.access-deny = ("")
 }
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/stikked.git/commitdiff/0537374f69d8a18c1289b6e076812500731bd16d

More information about the pld-cvs-commit mailing list