From 94198dbdb577a0df8e3dbebaf5327520a1bd0854 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Holcroft
Date: Mon, 3 Sep 2018 23:44:41 +0200
Subject: [PATCH] Protect against alias_traversal & httpoxy
---
 README.md | 1 -
 check_process | 2 +-
 conf/nginx.conf | 5 ++++-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 492978e..6c59614 100644
--- a/README.md
+++ b/README.md
@@ -17,5 +17,4 @@ sudo yunohost app install --url grav https://github.com/YunoHost-Apps/grav_ynh
 ## TODO
-[ ] fix alias_traversal
 [ ] send email to admin
\ No newline at end of file
diff --git a/check_process b/check_process
index db410f8..870758e 100644
--- a/check_process
+++ b/check_process
@@ -41,4 +41,4 @@ Notification=all
 ;;; Upgrade options
 ; commit=8b79023a4fb3633b1a01e4ad4dafb41a5344c3fd
 name=pre rebuild
- manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr_FR&is_public="Yes"&
\ No newline at end of file
+ manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr_FR&is_public=PUBLIC&
\ No newline at end of file
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 4e3560e..78ad0cb 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,4 +1,5 @@
-location __PATH__ {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
 alias __FINALPATH__/;
 index index.php;
@@ -33,6 +34,8 @@ location __PATH__ {
 fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
 fastcgi_index index.php;
 include fastcgi_params;
+ # https://learn.getgrav.org/webservers-hosting/servers/nginx#fix-against-httpoxy-vulnerability
+ fastcgi_param HTTP_PROXY "";
 fastcgi_param REMOTE_USER $remote_user;
 fastcgi_param PATH_INFO $fastcgi_path_info;
 fastcgi_param SCRIPT_FILENAME $request_filename;
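Review bot: The first conf/nginx.conf hunk has no comment saying why `location __PATH__/` must keep its trailing slash, so a later edit could drop it and reintroduce the mismatch with `alias __FINALPATH__/;`. I would add `# Keep the trailing "/" on both location and alias; a prefix without it lets request paths resolve outside __FINALPATH__.` above the location line. The template substitution is not part of this diff: if `__PATH__` is replaced by `/` for a root install, the prefix would become `//`, and the `#sub_path_only` rewrite stays inactive unless something uncomments it. It is worth confirming that the install script handles both cases. The location block continues outside the hunk.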
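Review bot: The comment above `fastcgi_param HTTP_PROXY "";` in the second conf/nginx.conf hunk is only a link, which explains nothing once that page moves. I would state the intent in place, e.g. `# httpoxy: blank the client-supplied Proxy header so PHP never sees it as HTTP_PROXY`. nginx inherits `fastcgi_param` from an outer level only when the current level defines none, so this line protects just the block it sits in. Any other PHP-handling location in the file (not visible here) would need the same directive. The enclosing block starts and ends outside the hunk.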