diff options
| author | Louise Crow <louise.crow@gmail.com> | 2014-11-21 17:28:21 +0000 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2014-12-22 16:26:29 +0000 |
| commit | 33d310af9b164b3d646203040ac62bfd7170b499 (patch) | |
| tree | 8dd036512f2fc0ee71ade1649364ed854e9d5003 | |
| parent | e0f4e4dea6475c56382047f95ec4fad3fea3f6c3 (diff) | |
Don't allow script execution from the cache directory0.19.0.13hotfix/0.19.0.13
| -rw-r--r-- | config/httpd.conf-example | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/config/httpd.conf-example b/config/httpd.conf-example index 2f6ca9c75..e010ac22f 100644 --- a/config/httpd.conf-example +++ b/config/httpd.conf-example @@ -103,6 +103,13 @@ RewriteCond %{DOCUMENT_ROOT}/views_cache/cy/request/$2/$1/${escape:$3} -f RewriteRule ^/cy/request/((\d{1,3})\d*)/(response/\d+/attach/(html/)?\d+/.+) /views_cache/cy/request/$2/$1/${escape:$3} [L] + # Don't allow anything to execute from the cache + <Directory "/var/www/alaveteli/public/views_cache"> + Options -ExecCGI + SetHandler default-handler + AllowOverride None + </Directory> + # Compress assets <Location /> <IfModule mod_deflate.c> |