diff options
| author | Christian Pointner <equinox@helsinki.at> | 2015-03-19 22:11:15 (GMT) |
|---|---|---|
| committer | Christian Pointner <equinox@helsinki.at> | 2015-03-19 22:16:10 (GMT) |
| commit | 259e1c7a81ea9a096c227a6bc44114a7a9cf3a50 (patch) | |
| tree | 051c708e449b5e5afb6ba25bce169b280045f254 /README | |
| parent | d7795f99ed3fb52564fa6d2340d928ae9b191e5b (diff) | |
implemented a more secure directory structure
Diffstat (limited to 'README')
| -rw-r--r-- | README | 76 |
1 files changed, 40 insertions, 36 deletions
@@ -45,40 +45,44 @@ LDAPTrustedGlobalCert CA_BASE64 /etc/ldap/ldapscert.pem add the following to the virtualhost config: ~~~snip~~~ - DocumentRoot /var/www/ - <Directory /var/www/> - Options -Indexes -FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - allow from all - RedirectMatch 404 /\\.svn(/|$) - </Directory> - <Directory /var/www/config> - Order allow,deny - Deny from all - </Directory> - - Include /etc/rivendell/apache.conf - - <Location /rh-bin/> - SetHandler perl-script - PerlResponseHandler ModPerl::Registry - PerlOptions +ParseHeaders - Options +ExecCGI - </Location> - <Location /authtoken.json> - SetHandler perl-script - PerlResponseHandler ModPerl::Registry - PerlOptions +ParseHeaders - Options +ExecCGI - Order deny,allow - Deny from All - AuthName "Radio Helsinki - Automation Import" - AuthType Basic - AuthBasicProvider ldap - AuthzLDAPAuthoritative off - AuthLDAPUrl ldap://ldap.helsinki.at/ou=People,dc=helsinki,dc=at?uid TLS - Require valid-user - Satisfy any - </Location> + DocumentRoot /var/www/rhwebimport/www/ + + <Directory /var/www/rhwebimport/> + Options -Indexes -FollowSymLinks + AllowOverride None + + Require all denied + </Directory> + <Directory /var/www/rhwebimport/www> + Require all granted + </Directory> + + Include /etc/rivendell/apache-2.4.conf + Include /etc/apache2/conf-available/javascript-common.conf + + <Location /rh-bin/> + SetHandler perl-script + PerlResponseHandler ModPerl::Registry + PerlOptions +ParseHeaders + Options +ExecCGI + + Require all granted + </Location> + Alias /rh-bin/ /var/www/rhwebimport/rh-bin/ + + <Location /authtoken.json> + SetHandler perl-script + PerlResponseHandler ModPerl::Registry + PerlOptions +ParseHeaders + Options +ExecCGI + + AuthName "Radio Helsinki - Automation Import" + AuthType Basic + AuthBasicProvider ldap + AuthLDAPUrl ldap://ldap.helsinki.at/ou=People,dc=helsinki,dc=at?uid TLS + + Require all denied + Require valid-user + </Location> + Alias /authtoken.json /var/www/rhwebimport/authtoken.json ~~~/snip~~~ |