diff options
| author | Oleg Pudeyev <oleg@bsdpower.com> | 2011-03-23 20:12:25 -0400 |
|---|---|---|
| committer | Oleg Pudeyev <oleg@bsdpower.com> | 2011-03-23 20:12:25 -0400 |
| commit | 6b671176ed530413aaddf1ccf83fd85a7bfd55d6 (patch) | |
| tree | c67a4290a10628b94ade09c6e745169a8fefe307 | |
| parent | c63676e80203df54864d2c5a81d440f44ac53450 (diff) | |
| parent | c53c255c6402f17f6e47dcf30a87f49e082291ca (diff) | |
| download | forums-6b671176ed530413aaddf1ccf83fd85a7bfd55d6.tar forums-6b671176ed530413aaddf1ccf83fd85a7bfd55d6.tar.gz forums-6b671176ed530413aaddf1ccf83fd85a7bfd55d6.tar.bz2 forums-6b671176ed530413aaddf1ccf83fd85a7bfd55d6.tar.xz forums-6b671176ed530413aaddf1ccf83fd85a7bfd55d6.zip | |
Merge branch 'develop-olympus' into develop
* develop-olympus:
[ticket/10107] Add cache to the enumeration, make statement more generic
[ticket/10107] Make it clear that provided httpd samples are not perfect
[ticket/10107] Add a webserver section to docs/INSTALL.html
| -rw-r--r-- | phpBB/docs/INSTALL.html | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index 4af185beb3..9f635fe50b 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html @@ -79,6 +79,7 @@ <li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a> <ol style="list-style-type: lower-roman;"> <li><a href="#avatars">Uploadable avatars</a></li> + <li><a href="#webserver_configuration">Webserver configuration</a></li> </ol> </li> <li><a href="#disclaimer">Disclaimer</a></li> @@ -408,6 +409,12 @@ <p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p> +<a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3> + + <p>Depending on your web server you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p> + + <p>For <strong>apache</strong> there are <code>.htaccess</code> files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in docs directory.</p> + </div> <div class="back2top"><a href="#wrap" class="top">Back to Top</a></div> |