From: Frédéric Buclin Date: Tue, 28 Aug 2012 22:06:46 +0000 (+0200) Subject: Bug 785511: Prevent directory browsing, especially in docs/ and extensions/ X-Git-Tag: bugzilla-4.3.3~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=913f68b91f16bd364d9709c85ac120f061913087;p=thirdparty%2Fbugzilla.git Bug 785511: Prevent directory browsing, especially in docs/ and extensions/ r=dkl a=LpSolit --- diff --git a/.htaccess b/.htaccess index 4b06fe9a9c..27f478afda 100644 --- a/.htaccess +++ b/.htaccess @@ -2,6 +2,9 @@ deny from all + +Options -Indexes + diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml index 8c5c29b8e8..18de454b9f 100644 --- a/docs/en/xml/installation.xml +++ b/docs/en/xml/installation.xml @@ -1056,19 +1056,20 @@ SetEnv LD_LIBRARY_PATH /u01/app/oracle/product/10.2.0/lib/ <Directory /var/www/html/bugzilla> AddHandler cgi-script .cgi -Options +Indexes +ExecCGI -DirectoryIndex index.cgi -AllowOverride Limit FileInfo Indexes +Options +ExecCGI +DirectoryIndex index.cgi index.html +AllowOverride Limit FileInfo Indexes Options </Directory> These instructions: allow apache to run .cgi files found within the bugzilla directory; instructs the server to look - for a file called index.cgi if someone + for a file called index.cgi or, if not + found, index.html if someone only types the directory name into the browser; and allows Bugzilla's .htaccess files to override - global permissions. + some global permissions.