Bug 785511: Prevent directory browsing, especially in docs/ and extensions/

r=dkl a=LpSolit

Bug 785511: Prevent directory browsing, especially in docs/ and extensions/
913f68b9 · Frédéric Buclin · a3b0a94e · 913f68b9 · 913f68b9
Commit 913f68b9 authored Aug 29, 2012 by Frédéric Buclin
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 5 deletions

.htaccess .htaccess +3 -0

installation.xml docs/en/xml/installation.xml +6 -5

No files found.
--- a/.htaccess
+++ b/.htaccess
@@ -2,6 +2,9 @@
 <FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
  deny from all
 </FilesMatch>
+
+Options -Indexes
+
 <IfModule mod_expires.c>
 <IfModule mod_headers.c>
 <IfModule mod_env.c>

--- a/docs/en/xml/installation.xml
+++ b/docs/en/xml/installation.xml
@@ -1056,19 +1056,20 @@ SetEnv LD_LIBRARY_PATH /u01/app/oracle/product/10.2.0/lib/
                <programlisting>
 &lt;Directory /var/www/html/bugzilla&gt;
 AddHandler cgi-script .cgi
-Options +Indexes +ExecCGI
-DirectoryIndex index.cgi
-AllowOverride Limit FileInfo Indexes
+Options +ExecCGI
+DirectoryIndex index.cgi index.html
+AllowOverride Limit FileInfo Indexes Options
 &lt;/Directory&gt;
                </programlisting>
    
                <para>
                These instructions: allow apache to run .cgi files found
                within the bugzilla directory; instructs the server to look
-                for a file called <filename>index.cgi</filename> if someone
+                for a file called <filename>index.cgi</filename> or, if not
+                found, <filename>index.html</filename> if someone
                only types the directory name into the browser; and allows
                Bugzilla's <filename>.htaccess</filename> files to override
-                global permissions.
+                some global permissions.
                </para>
    
                <note>