| author | ftc2 <ftc2@users.noreply.github.com> | 2017-10-01 22:57:21 -0600 |
|---|---|---|
| committer | ftc2 <ftc2@users.noreply.github.com> | 2017-10-01 22:57:21 -0600 |
| commit | 8f97887683581555187caf6bfe4d1f21c5780341 (patch) | |
| tree | 07d83a5c1ade6d82d77286517186dc49c47c7767 /phpBB/docs | |
| parent | fc3d3a83db3357f3275c72ff7b3607666c6307a3 (diff) | |
[ticket/15385] nginx.sample.conf: www redirection, security regex

according to the latest wiki info:
http://wiki.nginx.org/Pitfalls#Taxing_Rewrites
`return 301` is preferred over a rewrite.

also, the 'security' regex breaks some official extensions because it
will match and deny access to `/ext/phpbb`.

looking through the names of dirs and files containing `phpbb`, it
looks like the intent of the regex was to only disallow the folder
`phpbb` in the root dir and not other `/phpbb` matches.

a negative lookbehind was added to specifically not match `/ext/phpbb`
but still match other occurrences of `/phpbb`.

Tracker ticket: https://tracker.phpbb.com/browse/PHPBB3-15385
Diffstat (limited to 'phpBB/docs')
| -rw-r--r-- | phpBB/docs/nginx.sample.conf | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/phpBB/docs/nginx.sample.conf b/phpBB/docs/nginx.sample.conf index ce929b6e54..55c01a1fc9 100644 --- a/phpBB/docs/nginx.sample.conf +++ b/phpBB/docs/nginx.sample.conf @@ -18,11 +18,11 @@ http { gzip_vary on; gzip_http_version 1.1; gzip_min_length 700; - + # Compression levels over 6 do not give an appreciable improvement # in compression ratio, but take more resources. gzip_comp_level 6; - + # IE 6 and lower do not support gzip with Vary correctly. gzip_disable "msie6"; # Before nginx 0.7.63: @@ -49,9 +49,7 @@ http { server_name myforums.com; # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites: - rewrite ^ http://www.myforums.com$request_uri permanent; - # Equivalent to: - #rewrite ^(.*)$ http://www.myforums.com$1 permanent; + return 301 http://www.myforums.com$request_uri; } # The actual board domain. @@ -72,7 +70,7 @@ http { } # Deny access to internal phpbb files. - location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) { + location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) { deny all; # deny was ignored before 0.8.40 for connections over IPv6. # Use internal directive to prohibit access on older versions. |
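Review bot: The two changed lines in the gzip block (hunk `@@ -18,11 +18,11 @@`) differ only in whitespace on otherwise empty lines, which is unrelated to the www redirect and the deny regex named in the commit subject. Consider dropping this hunk or moving it to a separate whitespace-only commit so the patch shows only the two functional changes.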
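Review bot: In the `server_name myforums.com` block (hunk `@@ -49,9 +49,7 @@`), the new `return 301 http://www.myforums.com$request_uri;` hard-codes the `http` scheme, so an admin who copies this sample for a board served over HTTPS ends up with a permanent redirect from the bare domain to plain HTTP. Consider `return 301 $scheme://www.myforums.com$request_uri;`, or add a comment above the line telling admins to adjust the scheme to match their listener.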
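Review bot: In the "Deny access to internal phpbb files" location (hunk `@@ -72,7 +70,7 @@`), `(?<!ext/)phpbb` only inspects the four characters before `phpbb` and the pattern stays unanchored, so both the exemption and the deny are broader than the commit message's stated intent of blocking only the root-level `phpbb` folder. A path whose preceding segment merely ends in `ext` (for example `/text/phpbb`) is now exempt, while a request under `/ext/phpbb/` is still denied if any later segment starts with another alternative such as `vendor` or `includes`, which may still break extensions. If the board is installed at the web root, anchoring the pattern, for example `location ~ ^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)(/|$)`, expresses the intent without a lookbehind; otherwise please note the remaining unanchored matches in the comment above the location.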
