Skip to content
Snippets Groups Projects

disallow access to dotfiles besides .well-known by default

Merged disallow access to dotfiles besides .well-known by default
feature/disallow_dotfiles into master
All threads resolved!
Merged psy requested to merge feature/disallow_dotfiles into master
All threads resolved!

questions i stumbled upon:

  • use prefix match instead of regex?
    • takes higher precedence
    • only overwritable by more specific match

closes https://git.cccv.de/infra/documentation/-/issues/115

Edited by psy

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • psy added 2 commits

    added 2 commits

    • 68584d51 - remove commented code
    • 24de0cee - match .well-known only on top level

    Compare with previous version

  • psy resolved all threads

    resolved all threads

  • psy resolved all threads

    resolved all threads

  • psy
    psy @psy
    Author Owner

    i read the docs again and regex matches take precedence over prefix matches.

  • jaan @jaan started a thread on commit 24de0cee
    • templates/vhost.conf.j2
    89 89
    90 90 {% if vhost.disallow_dotfiles %}
    91 91 # explicitly allow .well-known/
    92 location ~ /\.well-known/ {
    92 location ~ ^/\.well-known/ {
    93 93 allow all;
    • J
      jaan @jaan

      maybe add the following line to be on the safe side: default_type "text/plain"; someone might have an interest in executing scripts otherwise ...

    • Please register or sign in to reply
  • psy added 1 commit

    added 1 commit

    • 5d0e01ee - add default type as proposed by jaan

    Compare with previous version

  • psy marked this merge request as draft

    marked this merge request as draft

  • psy added 1 commit

    added 1 commit

    Compare with previous version

  • psy added 1 commit

    added 1 commit

    Compare with previous version

  • psy added 1 commit

    added 1 commit

    • c97f1fdc - do not only match on start of url

    Compare with previous version

  • psy marked this merge request as ready

    marked this merge request as ready

  • psy merged

    merged

  • psy mentioned in commit 3ef51e3b

    mentioned in commit 3ef51e3b

    • Please register or sign in to reply

    Impressum - Datenschutzerklärung