changeset 353:e046606cf218

Fix access control rules Also makes use of newer "mod_allowedmethods" rather than LimitExcept
author IBBoard <dev@ibboard.co.uk>
date Sat, 03 Oct 2020 11:58:27 +0100
parents 03a9bab1a56a
children aad5c00b0525
files modules/website/files/zzz-0-custom.conf modules/website/manifests/init.pp
diffstat 2 files changed, 7 insertions(+), 31 deletions(-) [+]
line wrap: on
line diff
--- a/modules/website/files/zzz-0-custom.conf	Wed Sep 30 19:39:54 2020 +0100
+++ b/modules/website/files/zzz-0-custom.conf	Sat Oct 03 11:58:27 2020 +0100
@@ -49,33 +49,14 @@
 Header unset ETag
 FileETag None
 
-
-<Location /.hg/>
-    <IfVersion < 2.4>
-        Order Allow,Deny
-        Deny from all
-    </IfVersion>
-    <IfVersion >= 2.4>
-        Require all denied
-    </IfVersion>
+<Location />
+	AllowMethods HEAD POST GET OPTIONS
 </Location>
-<Location /.well-known>
-    <IfVersion < 2.4>
-	Order Deny,Allow
-	Allow from all
-    </IfVersion>
-    <IfVersion >= 2.4>
-        Require all granted
-    </IfVersion>
-</Location>
+<Files ".well-known">
+    Require all granted
+</Files>
 <FilesMatch "^((\.|~).*|.*(\.(dist|save|swo|swp|php_backup)|~)|backup\..*\.php)$">
-    <IfVersion < 2.4>
-        Order Allow,Deny
-        Deny from all
-    </IfVersion>
-    <IfVersion >= 2.4>
-        Require all denied
-    </IfVersion>
+    Require all denied
 </FilesMatch>
 
 # "A man is not dead while his name is still spoken." - Going Postal, Chapter 4 prologue
@@ -83,12 +64,6 @@
 	header set X-Clacks-Overhead "GNU Terry Pratchett"
 </IfModule>
 
-<Location />
-    <LimitExcept HEAD POST GET OPTIONS>
-        Require all denied
-    </LimitExcept>
-</Location>
-
 ServerTokens Minor
 
 Header always set Referrer-Policy "no-referrer-when-downgrade"
--- a/modules/website/manifests/init.pp	Wed Sep 30 19:39:54 2020 +0100
+++ b/modules/website/manifests/init.pp	Sat Oct 03 11:58:27 2020 +0100
@@ -50,6 +50,7 @@
     'setenvif':;
     'headers':;
     'version':;
+    'allowmethods':;
   }
 
   # Updating the httpd package puts back some configs that we