Merge pull request #16792 from MichaIng/patch-1

Harden data and config protection .htaccess
This commit is contained in:
Roeland Jago Douma 2019-12-19 11:26:12 +01:00 committed by GitHub
commit 5d9fd7ba0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 25 deletions

View File

@ -1,14 +1,25 @@
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
# Section for Apache 2.4 to 2.6
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Satisfy All
</IfModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>
# Section for Apache 2.2
<IfModule !mod_authz_core.c>
<IfModule !mod_access_compat.c>
<IfModule mod_authz_host.c>
Order Allow,Deny
Deny from all
</IfModule>
Satisfy All
</IfModule>
</IfModule>
# section for Apache 2.2 and 2.4
<ifModule mod_autoindex.c>
IndexIgnore *
</ifModule>
# Section for Apache 2.2 to 2.6
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>

View File

@ -556,19 +556,29 @@ class Setup {
//Require all denied
$now = date('Y-m-d H:i:s');
$content = "# Generated by Nextcloud on $now\n";
$content .= "# line below if for Apache 2.4\n";
$content .= "<ifModule mod_authz_core.c>\n";
$content .= "Require all denied\n";
$content .= "</ifModule>\n\n";
$content .= "# line below if for Apache 2.2\n";
$content .= "<ifModule !mod_authz_core.c>\n";
$content .= "deny from all\n";
$content .= "Satisfy All\n";
$content .= "</ifModule>\n\n";
$content .= "# section for Apache 2.2 and 2.4\n";
$content .= "<ifModule mod_autoindex.c>\n";
$content .= "IndexIgnore *\n";
$content .= "</ifModule>\n";
$content .= "# Section for Apache 2.4 to 2.6\n";
$content .= "<IfModule mod_authz_core.c>\n";
$content .= " Require all denied\n";
$content .= "</IfModule>\n";
$content .= "<IfModule mod_access_compat.c>\n";
$content .= " Order Allow,Deny\n";
$content .= " Deny from all\n";
$content .= " Satisfy All\n";
$content .= "</IfModule>\n\n";
$content .= "# Section for Apache 2.2\n";
$content .= "<IfModule !mod_authz_core.c>\n";
$content .= " <IfModule !mod_access_compat.c>\n";
$content .= " <IfModule mod_authz_host.c>\n";
$content .= " Order Allow,Deny\n";
$content .= " Deny from all\n";
$content .= " <IifModule>\n";
$content .= " Satisfy All\n";
$content .= " </IfModule>\n";
$content .= "</IfModule>\n\n";
$content .= "# Section for Apache 2.2 to 2.6\n";
$content .= "<IfModule mod_autoindex.c>\n";
$content .= " IndexIgnore *\n";
$content .= "</IfModule>";
$baseDir = \OC::$server->getConfig()->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data');
file_put_contents($baseDir . '/.htaccess', $content);