fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

Stop allowing access to .php files under files/cache/

Browse source 
files/cache/document_category/<module_srl>.xml.php 파일에 직접 접근할 필요가
없게 되었으므로, files/cache/ 폴더 전체의 .php 파일 접근을 금지해도 무방함.
This commit is contained in:
Kijin Sung 2023-08-07 00:35:40 +09:00
parent 34f05b08de
commit 3ea1567fda
3 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.htaccess
View file

@ -3,7 +3,7 @@ RewriteEngine On
# block direct access to templates, XML schema files, config files, dotfiles, environment, etc.
RewriteCond %{REQUEST_URI} !/modules/editor/(skins|styles)/
RewriteRule ^(addons|common/tpl|files/ruleset|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml)$ - [L,F]
RewriteRule ^files/(attach|config|cache/store)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ - [L,F]
RewriteRule ^files/(attach|config|cache)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ - [L,F]
RewriteRule ^files/(env|member_extra_info/(new_message_flags|point))/ - [L,F]
RewriteRule ^(\.git|\.ht|\.travis|codeception\.|composer\.|Gruntfile\.js|package\.json|CONTRIBUTING|COPYRIGHT|LICENSE|README) - [L,F]

2
common/manual/server_config/rhymix-nginx-subdir.conf
View file

@ -5,7 +5,7 @@ location ~ ^/rhymix/modules/editor/(skins|styles)/.+\.html$ {
location ~ ^/rhymix/(addons|common/tpl|files/ruleset|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml)$ {
return 403;
}
location ~ ^/rhymix/files/(attach|config|cache/store)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ {
location ~ ^/rhymix/files/(attach|config|cache)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ {
return 403;
}
location ~ ^/rhymix/files/(env|member_extra_info/(new_message_flags|point))/ {

2
common/manual/server_config/rhymix-nginx.conf
View file

@ -5,7 +5,7 @@ location ~ ^/modules/editor/(skins|styles)/.+\.html$ {
location ~ ^/(addons|common/tpl|files/ruleset|(m\.)?layouts|modules|plugins|themes|widgets|widgetstyles)/.+\.(html|xml)$ {
return 403;
}
location ~ ^/files/(attach|config|cache/store)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ {
location ~ ^/files/(attach|config|cache)/.+\.(ph(p|t|ar)?[0-9]?|p?html?|cgi|pl|exe|[aj]spx?|inc|bak)$ {
return 403;
}
location ~ ^/files/(env|member_extra_info/(new_message_flags|point))/ {