From 5210db9e8bf164bddca83ebcb7c78fc6bb9fc9e7 Mon Sep 17 00:00:00 2001 From: Tibor Blaho Date: Thu, 31 Mar 2016 21:07:39 +0200 Subject: [PATCH 1/2] Fix denied Roundcube nginx locations --- conf/nginx-alldomains.conf | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/conf/nginx-alldomains.conf b/conf/nginx-alldomains.conf index 995745e4..89ebc3a8 100644 --- a/conf/nginx-alldomains.conf +++ b/conf/nginx-alldomains.conf @@ -26,9 +26,22 @@ index index.php; alias /usr/local/lib/roundcubemail/; } - location ~ /mail/config/.* { - # A ~-style location is needed to give this precedence over the next block. - return 403; + location ~ ^/mail/(config|temp|logs)/ { + deny all; + } + location ~ ^/mail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { + deny all; + } + location ~ ^/mail/(bin|SQL)/ { + deny all; + } + location ~ ^/mail/(.+\.md)$ { + deny all; + } + location ~ ^/mail/\. { + deny all; + access_log off; + log_not_found off; } location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block From 8cac4cd5e700c6e59865e38283cd1443c245a625 Mon Sep 17 00:00:00 2001 From: Tibor Blaho Date: Thu, 31 Mar 2016 21:28:59 +0200 Subject: [PATCH 2/2] Updated based on recommendations from .htaccess --- conf/nginx-alldomains.conf | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/conf/nginx-alldomains.conf b/conf/nginx-alldomains.conf index 89ebc3a8..d9080e62 100644 --- a/conf/nginx-alldomains.conf +++ b/conf/nginx-alldomains.conf @@ -26,16 +26,13 @@ index index.php; alias /usr/local/lib/roundcubemail/; } - location ~ ^/mail/(config|temp|logs)/ { + location ~ ^/mail/(config|temp|logs|bin|SQL)/ { deny all; } location ~ ^/mail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; } - location ~ ^/mail/(bin|SQL)/ { - deny all; - } - location ~ ^/mail/(.+\.md)$ { + location ~ ^/mail/(.+\.md|composer\.json.*|package\.xml|Dockerfile)$ { deny all; } location ~ ^/mail/\. {