From ae8131077ef8a4c75c0582b47c871ca0c81ef2ef Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Wed, 23 Mar 2011 23:06:55 +0100 Subject: [ticket/10107] Add a webserver section to docs/INSTALL.html Explain what to do with lighttpd and nginx after installing phpBB on one of those webservers. PHPBB3-10107 --- phpBB/docs/INSTALL.html | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'phpBB') diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index 4af185beb3..3cd0e215c3 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html @@ -79,6 +79,7 @@
  • Important (security related) post-Install tasks for all installation methods
    1. Uploadable avatars
      2. +
    2. Webserver configuration
  • Disclaimer
    • @@ -408,6 +409,12 @@

    Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.

    +

    6.ii. Webserver configuration

    + +

    Depending on your web server you may have to configure your server to deny web access to the files/ and store/ directories. This is to prevent users from accessing private attachments and database backups.

    + +

    For apache there are .htaccess files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. There are sample configuration files for lighttpd and nginx in the docs/ directory.

    +
    Back to Top
    -- cgit v1.2.1 From 03017a8946b5c7dd7f5aa9c47367991071990f5e Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Thu, 24 Mar 2011 00:34:09 +0100 Subject: [ticket/10107] Make it clear that provided httpd samples are not perfect PHPBB3-10107 --- phpBB/docs/INSTALL.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB') diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index 3cd0e215c3..c960b49cc6 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html @@ -413,7 +413,7 @@

    Depending on your web server you may have to configure your server to deny web access to the files/ and store/ directories. This is to prevent users from accessing private attachments and database backups.

    -

    For apache there are .htaccess files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. There are sample configuration files for lighttpd and nginx in the docs/ directory.

    +

    For apache there are .htaccess files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for nginx and lighttpd to help you get started may be found in docs directory.

    -- cgit v1.2.1 From 0793b49212599b3536279d2bb5424c2b24cc1669 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Thu, 24 Mar 2011 00:40:56 +0100 Subject: [ticket/10107] Add cache to the enumeration, make statement more generic PHPBB3-10107 --- phpBB/docs/INSTALL.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB') diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index c960b49cc6..9f635fe50b 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html @@ -411,7 +411,7 @@

    6.ii. Webserver configuration

    -

    Depending on your web server you may have to configure your server to deny web access to the files/ and store/ directories. This is to prevent users from accessing private attachments and database backups.

    +

    Depending on your web server you may have to configure your server to deny web access to the cache/, files/, store/ and other directories. This is to prevent users from accessing sensitive files.

    For apache there are .htaccess files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for nginx and lighttpd to help you get started may be found in docs directory.

    -- cgit v1.2.1