diff options
| author | Louise Crow <louise.crow@gmail.com> | 2014-11-21 17:28:21 +0000 | 
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2014-12-19 16:57:52 +0000 | 
| commit | fe96b9bce85267ee4082d53a177d914c19714206 (patch) | |
| tree | d74481bc2e171c962067d0da4a8697269bb400f3 | |
| parent | a21420efff11968c58c9d220ea5f9974142056b6 (diff) | |
Don't allow script execution from the cache directory
| -rw-r--r-- | config/httpd.conf-example | 7 | 
1 files changed, 7 insertions, 0 deletions
| diff --git a/config/httpd.conf-example b/config/httpd.conf-example index 2f6ca9c75..e010ac22f 100644 --- a/config/httpd.conf-example +++ b/config/httpd.conf-example @@ -103,6 +103,13 @@      RewriteCond %{DOCUMENT_ROOT}/views_cache/cy/request/$2/$1/${escape:$3} -f      RewriteRule ^/cy/request/((\d{1,3})\d*)/(response/\d+/attach/(html/)?\d+/.+) /views_cache/cy/request/$2/$1/${escape:$3} [L] +    # Don't allow anything to execute from the cache +    <Directory "/var/www/alaveteli/public/views_cache"> +        Options -ExecCGI +        SetHandler default-handler +        AllowOverride None +    </Directory> +      # Compress assets      <Location />          <IfModule mod_deflate.c> | 
