Harden data protection .htaccess
+ Set "Satisfy All" whenever available, as well on Apache 2.4+. This is required to override possible "Satisfy Any" on parent dir, which otherwise would allow direct access to data, regardless of "Require" directive. + Set "Deny from all" as well whenever available, to block access regardless of which access control directive takes priority. + Assume Apache 2.2 only, if mod_authz_core and mod_access_compat are both not available, to avoid doubled directives. In this case set "Deny from all" directive only if the providing mod_authz_host module is available. "Satisfy" is a core directive on Apache 2.2. + Update Apache version strings. Regarding the used directives/modules, Apache 2.4 and 2.5 behave the same. + Add ordering spaces to better reflect the nested directives and to match style of other .htaccess files. Fixes: https://github.com/nextcloud/server/issues/6449 Signed-off-by: Micha Felle <micha@dietpi.com>
parent
b73df01945
commit
dcbf8fa8e3
|
@ -542,19 +542,27 @@ class Setup {
|
|||
//Require all denied
|
||||
$now = date('Y-m-d H:i:s');
|
||||
$content = "# Generated by Nextcloud on $now\n";
|
||||
$content.= "# line below if for Apache 2.4\n";
|
||||
$content.= "# Section for Apache 2.4 and 2.5\n";
|
||||
$content.= "<ifModule mod_authz_core.c>\n";
|
||||
$content.= " Require all denied\n";
|
||||
$content.= "</ifModule>\n\n";
|
||||
$content.= "# line below if for Apache 2.2\n";
|
||||
$content.= "<ifModule !mod_authz_core.c>\n";
|
||||
$content.= "deny from all\n";
|
||||
$content.= "</ifModule>\n";
|
||||
$content.= "<ifModule mod_access_compat.c>\n";
|
||||
$content.= " Deny from all\n";
|
||||
$content.= " Satisfy All\n";
|
||||
$content.= "</ifModule>\n\n";
|
||||
$content.= "# section for Apache 2.2 and 2.4\n";
|
||||
$content.= "# Section for Apache 2.2\n";
|
||||
$content.= "<ifModule !mod_authz_core.c>\n";
|
||||
$content.= " <ifModule !mod_access_compat.c>\n";
|
||||
$content.= " <ifModule mod_authz_host.c>\n";
|
||||
$content.= " Deny from all\n";
|
||||
$content.= " </ifModule>\n";
|
||||
$content.= " Satisfy All\n";
|
||||
$content.= " </ifModule>\n";
|
||||
$content.= "</ifModule>\n\n";
|
||||
$content.= "# Section for Apache 2.2 to 2.5\n";
|
||||
$content.= "<ifModule mod_autoindex.c>\n";
|
||||
$content.= " IndexIgnore *\n";
|
||||
$content.= "</ifModule>\n";
|
||||
$content.= "</ifModule>";
|
||||
|
||||
$baseDir = \OC::$server->getConfig()->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data');
|
||||
file_put_contents($baseDir . '/.htaccess', $content);
|
||||
|
|
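Review bot: The return value of `file_put_contents($baseDir . '/.htaccess', $content);` at the end of this hunk is discarded, so when the data directory is not writable the hardened rules are never written and the failure goes unnoticed, leaving the directory without this protection. Check the result and surface the failure, for example `if (file_put_contents($baseDir . '/.htaccess', $content) === false) { throw new \RuntimeException('Could not write .htaccess to data directory'); }`, or log it if callers are not prepared for an exception. Separately, the added `Deny from all` lines depend on the default `Order Deny,Allow`; putting an explicit `Order Allow,Deny` in front of each would make the deny independent of that default. A comment above the generated content should also say that the file only takes effect where `AllowOverride` permits these directives, and that web servers which do not read .htaccess ignore it. The enclosing method starts and ends outside the hunk.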