diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-04-16 09:12:15 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-04-16 09:12:15 -0700 |
| commit | f31fc33877281e3861ae2103158a59e40f60040e (patch) | |
| tree | fe704c2ec79f6b263cb52efffed2fec4294c9ad3 /Bugzilla/Install/Filesystem.pm | |
| parent | Merge remote-tracking branch 'origin/upstream' (diff) | |
| parent | Bumped version to 4.4.9 (diff) | |
| download | bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.tar.gz bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.tar.bz2 bugzilla-f31fc33877281e3861ae2103158a59e40f60040e.zip | |
Merge tag 'bugzilla-4.4.9'gentoo-4.4.9
Diffstat (limited to 'Bugzilla/Install/Filesystem.pm')
| -rw-r--r-- | Bugzilla/Install/Filesystem.pm | 107 |
1 files changed, 100 insertions, 7 deletions
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm index b80eb2e63..9721c1702 100644 --- a/Bugzilla/Install/Filesystem.pm +++ b/Bugzilla/Install/Filesystem.pm @@ -43,7 +43,22 @@ our @EXPORT = qw( use constant HT_DEFAULT_DENY => <<EOT; # nothing in this directory is retrievable unless overridden by an .htaccess # in a subdirectory -deny from all +<IfModule mod_version.c> + <IfVersion < 2.4> + Deny from all + </IfVersion> + <IfVersion >= 2.4> + <IfModule mod_perl.c> + Deny from all + </IfModule> + <IfModule !mod_perl.c> + Require all denied + </IfModule> + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + Deny from all +</IfModule> EOT ############### @@ -329,11 +344,41 @@ EOT "$graphsdir/.htaccess" => { perms => WS_SERVE, contents => <<EOT # Allow access to .png and .gif files. <FilesMatch (\\.gif|\\.png)\$> - Allow from all + <IfModule mod_version.c> + <IfVersion < 2.4> + Allow from all + </IfVersion> + <IfVersion >= 2.4> + <IfModule mod_perl.c> + Allow from all + </IfModule> + <IfModule !mod_perl.c> + Require all granted + </IfModule> + </IfVersion> + </IfModule> + <IfModule !mod_version.c> + Allow from all + </IfModule> </FilesMatch> # And no directory listings, either. -Deny from all +<IfModule mod_version.c> + <IfVersion < 2.4> + Deny from all + </IfVersion> + <IfVersion >= 2.4> + <IfModule mod_perl.c> + Deny from all + </IfModule> + <IfModule !mod_perl.c> + Require all denied + </IfModule> + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + Deny from all +</IfModule> EOT }, @@ -342,17 +387,65 @@ EOT # if research.att.com ever changes their IP, or if you use a different # webdot server, you'll need to edit this <FilesMatch \\.dot\$> - Allow from 192.20.225.0/24 - Deny from all + <IfModule mod_version.c> + <IfVersion < 2.4> + Allow from 192.20.225.0/24 + Deny from all + </IfVersion> + <IfVersion >= 2.4> + <IfModule mod_perl.c> + Allow from 192.20.225.0/24 + Deny from all + </IfModule> + <IfModule !mod_perl.c> + Require ip 192.20.225.0/24 + Require all denied + </IfModule> + </IfVersion> + </IfModule> + <IfModule !mod_version.c> + Allow from 192.20.225.0/24 + Deny from all + </IfModule> </FilesMatch> # Allow access to .png files created by a local copy of 'dot' <FilesMatch \\.png\$> - Allow from all + <IfModule mod_version.c> + <IfVersion < 2.4> + Allow from all + </IfVersion> + <IfVersion >= 2.4> + <IfModule mod_perl.c> + Allow from all + </IfModule> + <IfModule !mod_perl.c> + Require all granted + </IfModule> + </IfVersion> + </IfModule> + <IfModule !mod_version.c> + Allow from all + </IfModule> </FilesMatch> # And no directory listings, either. -Deny from all +<IfModule mod_version.c> + <IfVersion < 2.4> + Deny from all + </IfVersion> + <IfVersion >= 2.4> + <IfModule mod_perl.c> + Deny from all + </IfModule> + <IfModule !mod_perl.c> + Require all denied + </IfModule> + </IfVersion> +</IfModule> +<IfModule !mod_version.c> + Deny from all +</IfModule> EOT }, ); |