Commit 42fe16a5 authored by Jérôme Jutteau's avatar Jérôme Jutteau

[TASK] Add documentation about var folder protection with lighttpd

Signed-off-by: Jérôme Jutteau's avatarJerome Jutteau <mojo@couak.net>
parent 1d1c1ce5
......@@ -143,6 +143,14 @@ location ~ /var-.* {
}
```
If you are using lighttpd, you can deny access to ```var``` folder in your configuration:
```
$HTTP["url"] =~ "^/var-*" {
url.access-deny = ("")
}
```
You should also remove un-necessessary write access once the installation is done (ex: configuration file).
An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https).
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment