projects / freeside.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2bc72d7)
deny remote access to elements/*html, RT#23357
authorIvan Kohler <ivan@freeside.biz>
Fri, 23 Oct 2015 23:22:45 +0000 (16:22 -0700)
committerIvan Kohler <ivan@freeside.biz>
Fri, 23 Oct 2015 23:22:45 +0000 (16:22 -0700)
htetc/freeside-base2.conf patch | blob | history

diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf
index 49b4a24..3eef50c 100644 (file)
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -15,27 +15,38 @@ PerlRequire "%%%MASON_HANDLER%%%"
 AddDefaultCharset UTF-8
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
-AuthName Freeside
-AuthType Basic
-AuthUserFile %%%FREESIDE_CONF%%%/htpasswd
-require valid-user
-<Files ~ "(\.cgi|\.html)$">
-SetHandler perl-script
-PerlHandler HTML::Mason
-</Files>
+
+    AuthName Freeside
+    AuthType Basic
+    AuthUserFile %%%FREESIDE_CONF%%%/htpasswd
+    require valid-user
+
+    <Files ~ "(\.cgi|\.html)$">
+        SetHandler perl-script
+        PerlHandler HTML::Mason
+    </Files>
+
 </Directory>
+
+<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/elements/>
+    <Files ~ "(\.html)$">
+        Deny from all
+        SetHandler None
+    </Files>
+</Directory>
+
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/Helpers/>
-SetHandler perl-script
-PerlHandler HTML::Mason
+    SetHandler perl-script
+    PerlHandler HTML::Mason
 </Directory>
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%/loginout>
-AuthName Freeside
-AuthType Basic
-AuthUserFile %%%FREESIDE_CONF%%%/htpasswd.logout
-require valid-user
-<Files ~ "(\.cgi|\.html)$">
-SetHandler default-handler
-</Files>
+    AuthName Freeside
+    AuthType Basic
+    AuthUserFile %%%FREESIDE_CONF%%%/htpasswd.logout
+    require valid-user
+    <Files ~ "(\.cgi|\.html)$">
+        SetHandler default-handler
+    </Files>
 </Directory>
 
Freeside billing, trouble ticketing, network monitoring and provisioning