Remove module blacklist

- It's not necessary, as SilverStripe returns a not-found page when an
  attempt is made to retrieve a file directly from a module.
- Also format as a fenced code block and style as nginx.
Fred Condo 2018-01-24 15:53:23 -08:00
parent de25c93b75
commit 8f91f35526

@ -18,83 +18,75 @@ Especially be aware of [accidental php-execution](https://nealpoole.com/blog/201
But enough of the disclaimer, on to the actual configuration — typically in `nginx.conf`: But enough of the disclaimer, on to the actual configuration — typically in `nginx.conf`:
server { ```nginx
include mime.types; server {
default_type application/octet-stream; include mime.types;
client_max_body_size 0; # Manage this in php.ini default_type application/octet-stream;
listen 80; client_max_body_size 0; # Manage this in php.ini
root /path/to/ss/folder; listen 80;
server_name example.com www.example.com; root /path/to/ss/folder;
server_name example.com www.example.com;
# Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013 # Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013
if ($http_x_forwarded_host) { if ($http_x_forwarded_host) {
return 400; return 400;
} }
location / { location / {
try_files $uri /framework/main.php?url=$uri&$query_string; try_files $uri /framework/main.php?url=$uri&$query_string;
} }
error_page 404 /assets/error-404.html; error_page 404 /assets/error-404.html;
error_page 500 /assets/error-500.html; error_page 500 /assets/error-500.html;
location ^~ /assets/ { location ^~ /assets/ {
sendfile on; sendfile on;
try_files $uri =404; try_files $uri =404;
} }
location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ { location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ {
fastcgi_buffer_size 32k; fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 64k; fastcgi_busy_buffers_size 64k;
fastcgi_buffers 4 32k; fastcgi_buffers 4 32k;
fastcgi_keep_conn on; fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000; fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params; include fastcgi_params;
} }
# Core denial (change mysite if you use a different name) # Denials
location ~ /(mysite|framework|cms)/.*\.(php|php3|php4|php5|phtml|inc)$ { location ~ /\.. {
deny all; deny all;
} }
location ~ \.ss$ {
# Modules denial (edit the regex to match your installed modules) satisfy any;
location ~ /(buildtools|colorpicker|docsviewer|editlock|geoip|googlesitemaps|mathspamprotection|sortablegridfield|spamprotection|testsession|userforms)/.*\.(php|php3|php4|php5|phtml|inc)$ { allow 127.0.0.1;
deny all; deny all;
} }
location ~ web\.config$ {
# Other denials deny all;
location ~ /\.. { }
deny all; location ~ \.ya?ml$ {
} deny all;
location ~ \.ss$ { }
satisfy any; location ~* README.*$ {
allow 127.0.0.1; deny all;
deny all; }
} location ^~ /vendor/ {
location ~ web\.config$ { deny all;
deny all; }
} location ~* /silverstripe-cache/ {
location ~ \.ya?ml$ { deny all;
deny all; }
} location ~* composer\.(json|lock)$ {
location ~* README.*$ { deny all;
deny all; }
} location ~* /(cms|framework)/silverstripe_version$ {
location ^~ /vendor/ { deny all;
deny all; }
} }
location ~* /silverstripe-cache/ { ```
deny all;
}
location ~* composer\.(json|lock)$ {
deny all;
}
location ~* /(cms|framework)/silverstripe_version$ {
deny all;
}
}
The above configuration sets up a virtual host `example.com` with The above configuration sets up a virtual host `example.com` with
rewrite rules suited for SilverStripe. The location block for framework rewrite rules suited for SilverStripe. The location block for framework
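Review bot: The reasoning in the commit message ("SilverStripe returns a not-found page") only covers requests that are actually routed to `main.php`, but the removed `location ~ /(mysite|framework|cms)/.*\.(php|php3|php4|php5|phtml|inc)$ { deny all; }` block also guarded a different path through this config: in `location / { try_files $uri /framework/main.php?url=$uri&$query_string; }`, a request for a `.php` (or `.inc`, `.phtml`) file that exists on disk under `mysite/`, `cms/` or a module directory matches none of the `fastcgi_pass` locations, so `try_files` finds the file and nginx serves its source as a plain static file rather than handing it to SilverStripe at all. Since the only `fastcgi_pass` block is limited to `framework/.*(main|rpc|tiny_mce_gzip)\.php`, and nginx evaluates regex locations in configuration order with the first match winning, I'd suggest keeping one catch-all deny placed after that block, e.g. `location ~ \.(php|php3|php4|php5|phtml|inc)$ { deny all; }`; it covers core, `mysite` and every installed module without the per-module regex this commit removes. It would also help to state in the commit message that the not-found behaviour applies only once a request reaches `main.php`.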