Tightened Apache directory permissions to deny access to dotfiles and…

… system directories. This also fixes #59.
shinsenter · Feb 23, 2024 · 07cc889 · 07cc889
1 parent ed90244
commit 07cc889
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file.
 
+## [5.0.2] - 2024-02-23
+
+Tightened Apache directory permissions to deny access to dotfiles and system directories. This also fixes #59.
+
 ## [5.0.1] - 2024-02-16
 
 We have made some minor improvements to the content of debug messages and variable naming.

diff --git a/src/php/with-apache/rootfs/etc/apache2/apache2.conf b/src/php/with-apache/rootfs/etc/apache2/apache2.conf
@@ -167,17 +167,13 @@ Timeout 60
 </Directory>
 
 # Security settings
-<FilesMatch "\.(ht.*|ini|log|sh|c)$">
-    Require all denied
+<FilesMatch "^\.(ht|config|ssh|pem|key|pass|ini|log|sh|c)$">
+    Redirect 404 /
 </FilesMatch>
 
-<DirectoryMatch "/\.(?!well-known)">
-   Require all denied
-</DirectoryMatch>
-
-<FilesMatch "/\.(?!well-known)">
-   Require all denied
-</FilesMatch>
+<LocationMatch "(^|/)\.(?!well-known)">
+    Redirect 404 /
+</LocationMatch>
 
 # Set basic settings for document root
 <Directory ${APP_PATH}>