Roundcubemail devel
parent: e84fafce | patch | commit | ignore whitespace
Thomas Bruederli
2015-05-07 012555c1cef35601b543cde67bff8726de97eb39 
Add .htaccess files to deny access to config, temp, logs + describe how to protect access to these directories in the INSTALL instructions (#1490378)
3 files added
1 files modified
23 ■■■■■ changed files
INSTALL 17 ●●●●● patch | view | raw | blame | history
config/.htaccess 2 ●●●●● patch | view | raw | blame | history
logs/.htaccess 2 ●●●●● patch | view | raw | blame | history
temp/.htaccess 2 ●●●●● patch | view | raw | blame | history 
 INSTALL


@@ -153,6 +153,23 @@


    php_value       upload_max_filesize     2M






SECURE YOUR INSTALLATION


========================




Access through the webserver to the following directories should be denied:




  /config


  /temp


  /logs




Roundcube uses .htaccess files to protect these directories, so be sure to


allow override of the Limit directives to get them taken into account. The


package also ships a .htaccess file in the root directory which defines some


rewrite rules. In order to properly secure your installation, please enable


mod_rewrite for Apache webserver and double check access to the above listed


directories and their contents is denied.






UPGRADING


=========






 config/.htaccess


New file


@@ -0,0 +1,2 @@


# deny webserver access to this directory


Deny from all




 logs/.htaccess


New file


@@ -0,0 +1,2 @@


# deny webserver access to this directory


Deny from all




 temp/.htaccess


New file


@@ -0,0 +1,2 @@


# deny webserver access to this directory


Deny from all