[Koha-bugs] [Bug 16922] Add RewriteRule to apache-shared-intranet for dev package installs
bugzilla-daemon at bugs.koha-community.org
Fri Jul 15 08:50:02 CEST 2016
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16922
--- Comment #1 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Created attachment 53410
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=53410&action=edit
Bug 16922: Add RewriteRule to apache-shared-intranet for dev package installs

As a simple alternative to the solution in bug 9949 or just as an
additional measure, this patch adds a rewrite rule for intranet
in order to intercept potential misuse of perl scripts that could be
reached on a dev package install via the cgi-bin/koha scriptalias.
It simply rewrites them to the nonexistent "notfound", resulting in a
regular 404 error.

The rewrite rule does not harm regular installs and is just a little extra
step in securing a dev install. You should have more security measures in
place to secure your staff client.

QA Note: Although a rewrite rule may not be our first choice, this one
rule is more elegant and easier to maintain than e.g. a whole bunch of
aliases.

Note: This patch should have a regular and a dev install signoff.

Test plan:
[1] Make sure that this rewrite rule is inserted in your actual apache
    config via /etc/koha/apache-shared-intranet.conf. Restart Apache.
[2] For regular package installs:
    Try one of the URLs in step 3.
    Verify that your staff client still operates as usual. Test a few
    URLs inside some modules.
[3] For dev installs:
    Try some URLs like below.
    Expect 404 errors only, not 500s. If you do not see a 404, go back!
    /misc/stage_file.pl
    /t/db_dependent/default_search_class.pl
    /installer/data/mysql/updatedatabase.pl
    /Makefile.PL
[4] Do you see an additional directory to add to the regex? Please report.
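Steps [2] and [3] of the test plan can be run as a repeatable check against your own staff-client vhost. The script below is an added example, not part of the original comment or of Koha; the control page /cgi-bin/koha/mainpage.pl, the optional prefix argument and the function names are assumptions made for illustration.

```python
"""Check a Koha staff-client vhost against steps [2] and [3] of the test plan."""
import sys
import urllib.error
import urllib.request

# Paths listed in step [3]; each must answer 404 once the rule is active.
BLOCKED_PATHS = [
    "/misc/stage_file.pl",
    "/t/db_dependent/default_search_class.pl",
    "/installer/data/mysql/updatedatabase.pl",
    "/Makefile.PL",
]
# Assumption: a normal staff-client page for step [2]; it must NOT become a 404.
CONTROL_PATHS = ["/cgi-bin/koha/mainpage.pl"]


def http_status(url, timeout=10):
    """GET url and return the final status code, including 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_install(base_url, prefix="", fetch=http_status):
    """Return a list of (path, status, problem); an empty list means pass.

    prefix is prepended to the step [3] paths (assumption: "" or the
    "/cgi-bin/koha" scriptalias, depending on how you reach them).
    """
    base = base_url.rstrip("/")
    problems = []
    for path in BLOCKED_PATHS:
        status = fetch(base + prefix + path)
        if status != 404:  # the test plan accepts 404 only, e.g. not a 500
            problems.append((path, status, "expected 404"))
    for path in CONTROL_PATHS:
        status = fetch(base + path)
        if status == 404:  # a rule that matches too much breaks regular pages
            problems.append((path, status, "regular page is 404"))
    return problems


if __name__ == "__main__":
    # Usage: python3 check_rewrite.py http://your-staff-client[:port] [prefix]
    found = check_install(sys.argv[1], *sys.argv[2:3])
    for path, status, problem in found:
        print(f"FAIL {status} {path}: {problem}")
    sys.exit(1 if found else 0)
```

The exit status is 0 only when every step [3] path answers 404 and the control page does not, so the script can be rerun after each Apache config change.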