Mercurial > repos > other > Puppet
changeset 353:e046606cf218
Fix access control rules
Also makes use of newer "mod_allowedmethods" rather than LimitExcept
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 03 Oct 2020 11:58:27 +0100 |
| parents | 03a9bab1a56a |
| children | aad5c00b0525 |
| files | modules/website/files/zzz-0-custom.conf modules/website/manifests/init.pp |
| diffstat | 2 files changed, 7 insertions(+), 31 deletions(-) [+] |
line wrap: on
line diff
--- a/modules/website/files/zzz-0-custom.conf Wed Sep 30 19:39:54 2020 +0100 +++ b/modules/website/files/zzz-0-custom.conf Sat Oct 03 11:58:27 2020 +0100 @@ -49,33 +49,14 @@ Header unset ETag FileETag None - -<Location /.hg/> - <IfVersion < 2.4> - Order Allow,Deny - Deny from all - </IfVersion> - <IfVersion >= 2.4> - Require all denied - </IfVersion> +<Location /> + AllowMethods HEAD POST GET OPTIONS </Location> -<Location /.well-known> - <IfVersion < 2.4> - Order Deny,Allow - Allow from all - </IfVersion> - <IfVersion >= 2.4> - Require all granted - </IfVersion> -</Location> +<Files ".well-known"> + Require all granted +</Files> <FilesMatch "^((\.|~).*|.*(\.(dist|save|swo|swp|php_backup)|~)|backup\..*\.php)$"> - <IfVersion < 2.4> - Order Allow,Deny - Deny from all - </IfVersion> - <IfVersion >= 2.4> - Require all denied - </IfVersion> + Require all denied </FilesMatch> # "A man is not dead while his name is still spoken." - Going Postal, Chapter 4 prologue @@ -83,12 +64,6 @@ header set X-Clacks-Overhead "GNU Terry Pratchett" </IfModule> -<Location /> - <LimitExcept HEAD POST GET OPTIONS> - Require all denied - </LimitExcept> -</Location> - ServerTokens Minor Header always set Referrer-Policy "no-referrer-when-downgrade"