implemented a more secure directory structure

author: Christian Pointner <equinox@helsinki.at> 2015-03-19 22:11:15 (GMT)
committer: Christian Pointner <equinox@helsinki.at> 2015-03-19 22:16:10 (GMT)
commit: 259e1c7a81ea9a096c227a6bc44114a7a9cf3a50 (patch)
tree: 051c708e449b5e5afb6ba25bce169b280045f254
parent: d7795f99ed3fb52564fa6d2340d928ae9b191e5b (diff)
18 files changed, 42 insertions, 38 deletions
diff --git a/README b/README
index 5c63071..fb2aa55 100644
--- a/README
+++ b/README
@@ -45,40 +45,44 @@ LDAPTrustedGlobalCert CA_BASE64 /etc/ldap/ldapscert.pem
 add the following to the virtualhost config:
 
 ~~~snip~~~
-  DocumentRoot /var/www/
-  <Directory /var/www/>
-    Options -Indexes -FollowSymLinks MultiViews
-    AllowOverride None
-    Order allow,deny
-    allow from all
-    RedirectMatch 404 /\\.svn(/|$)
-  </Directory>
-  <Directory /var/www/config>
-    Order allow,deny
-    Deny from all
-  </Directory>
-
-  Include /etc/rivendell/apache.conf
-
-  <Location /rh-bin/>
-    SetHandler perl-script
-    PerlResponseHandler ModPerl::Registry
-    PerlOptions +ParseHeaders
-    Options +ExecCGI
-  </Location>
-  <Location /authtoken.json>
-    SetHandler perl-script
-    PerlResponseHandler ModPerl::Registry
-    PerlOptions +ParseHeaders
-    Options +ExecCGI
-    Order deny,allow
-    Deny from All
-    AuthName "Radio Helsinki - Automation Import"
-    AuthType Basic
-    AuthBasicProvider ldap
-    AuthzLDAPAuthoritative off
-    AuthLDAPUrl ldap://ldap.helsinki.at/ou=People,dc=helsinki,dc=at?uid TLS
-    Require valid-user
-    Satisfy any
-  </Location>
+        DocumentRoot /var/www/rhwebimport/www/
+
+	<Directory /var/www/rhwebimport/>
+                Options -Indexes -FollowSymLinks
+                AllowOverride None
+
+		Require all denied
+	</Directory>
+        <Directory /var/www/rhwebimport/www>
+		Require all granted
+        </Directory>
+
+	Include /etc/rivendell/apache-2.4.conf
+	Include /etc/apache2/conf-available/javascript-common.conf
+
+        <Location /rh-bin/>
+                SetHandler perl-script
+                PerlResponseHandler ModPerl::Registry
+                PerlOptions +ParseHeaders
+                Options +ExecCGI
+
+		Require all granted
+        </Location>
+	Alias /rh-bin/ /var/www/rhwebimport/rh-bin/
+
+	<Location /authtoken.json>
+		SetHandler perl-script
+                PerlResponseHandler ModPerl::Registry
+                PerlOptions +ParseHeaders
+                Options +ExecCGI
+
+		AuthName "Radio Helsinki - Automation Import"
+		AuthType Basic
+		AuthBasicProvider ldap
+		AuthLDAPUrl ldap://ldap.helsinki.at/ou=People,dc=helsinki,dc=at?uid TLS
+
+		Require all denied
+		Require valid-user
+        </Location>
+	Alias /authtoken.json /var/www/rhwebimport/authtoken.json
 ~~~/snip~~~
diff --git a/authtoken.json b/authtoken.json
index 94d5042..c65eb64 100755
--- a/authtoken.json
+++ b/authtoken.json
@@ -2,7 +2,7 @@
 
 use strict;
 use File::Basename;
-use lib dirname( __FILE__ ) . '/rh-bin';
+use lib dirname( __FILE__ ) . '/lib';
 use rddb;
 
 my $status = 'ERROR';
diff --git a/rh-bin/rddb.pm b/lib/rddb.pm
index 34321d2..34321d2 100755
--- a/rh-bin/rddb.pm
+++ b/lib/rddb.pm
diff --git a/rh-bin/listdropboxes.cgi b/rh-bin/listdropboxes.cgi
index 14ecf11..8f2be64 100755
--- a/rh-bin/listdropboxes.cgi
+++ b/rh-bin/listdropboxes.cgi
@@ -3,7 +3,7 @@
 use strict;
 use CGI;
 use File::Basename;
-use lib dirname( __FILE__ );
+use lib dirname( __FILE__ ) . '../lib';
 use rddb;
 
 my $status = 'ERROR';
diff --git a/img/audio_file.png b/www/img/audio_file.png
index e084457..e084457 100644
--- a/img/audio_file.png
+++ b/www/img/audio_file.png
diff --git a/img/dz-backdrop.png b/www/img/dz-backdrop.png
index dd73694..dd73694 100644
--- a/img/dz-backdrop.png
+++ b/www/img/dz-backdrop.png
diff --git a/img/dz-backdrop.svg b/www/img/dz-backdrop.svg
index 5083915..5083915 100644
--- a/img/dz-backdrop.svg
+++ b/www/img/dz-backdrop.svg
diff --git a/img/helsinki.png b/www/img/helsinki.png
index ec74fc3..ec74fc3 100644
--- a/img/helsinki.png
+++ b/www/img/helsinki.png
diff --git a/index.html b/www/index.html
index 772e2e5..772e2e5 100644
--- a/index.html
+++ b/www/index.html
diff --git a/js/apps.js b/www/js/apps.js
index 12c9f76..12c9f76 100644
--- a/js/apps.js
+++ b/www/js/apps.js
diff --git a/js/auth.js b/www/js/auth.js
index 29dde31..29dde31 100644
--- a/js/auth.js
+++ b/www/js/auth.js
diff --git a/js/dropzone.js b/www/js/dropzone.js
index 499f4e0..499f4e0 100644
--- a/js/dropzone.js
+++ b/www/js/dropzone.js
diff --git a/js/musicpools.js b/www/js/musicpools.js
index c9c8ac0..c9c8ac0 100644
--- a/js/musicpools.js
+++ b/www/js/musicpools.js
diff --git a/js/shows.js b/www/js/shows.js
index cbf4d73..cbf4d73 100644
--- a/js/shows.js
+++ b/www/js/shows.js
diff --git a/js/utils.js b/www/js/utils.js
index 0237594..0237594 100644
--- a/js/utils.js
+++ b/www/js/utils.js
diff --git a/styles/auth.css b/www/styles/auth.css
index 8100ecd..8100ecd 100644
--- a/styles/auth.css
+++ b/www/styles/auth.css
diff --git a/styles/musicpools.css b/www/styles/musicpools.css
index e69de29..e69de29 100644
--- a/styles/musicpools.css
+++ b/www/styles/musicpools.css
diff --git a/styles/shows.css b/www/styles/shows.css
index a6a4696..a6a4696 100644
--- a/styles/shows.css
+++ b/www/styles/shows.css
author	Christian Pointner <equinox@helsinki.at>	2015-03-19 22:11:15 (GMT)
committer	Christian Pointner <equinox@helsinki.at>	2015-03-19 22:16:10 (GMT)
commit	259e1c7a81ea9a096c227a6bc44114a7a9cf3a50 (patch)
tree	051c708e449b5e5afb6ba25bce169b280045f254
parent	d7795f99ed3fb52564fa6d2340d928ae9b191e5b (diff)