Charm Helpers

Merge lp:~ivoks/charm-helpers/apache-symlinks-indexes into lp:charm-helpers

Proposed by Ante Karamatić on 2017-03-22

Status:	Merged
Merged at revision:	724
Proposed branch:	lp:~ivoks/charm-helpers/apache-symlinks-indexes
Merge into:	lp:charm-helpers
Diff against target:	19 lines (+10/-0) 1 file modified charmhelpers/contrib/hardening/apache/templates/99-hardening.conf (+10/-0)
To merge this branch:	bzr merge lp:~ivoks/charm-helpers/apache-symlinks-indexes
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Edward Hope-Morley	2017-03-23	Approve on 2017-03-23
charmers	2017-03-22	Pending
Review via email: mp+320695@code.launchpad.net

Default apache install can leak some unwanted information (filesystem tree). By dropping Indexes and FollowSymLinks that can be mitigated.

This patch ensures Indexes and FollowSymLinks are disabled on Apache locations where those are otherwise, by default enabled.

Revision history for this message

Edward Hope-Morley (hopem) wrote on 2017-03-23:

lgtm

review: Approve

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

People subscribed via source and target branches

to all changes:

 === modified file 'charmhelpers/contrib/hardening/apache/templates/99-hardening.conf'
 --- charmhelpers/contrib/hardening/apache/templates/99-hardening.conf	2017-03-20 10:28:01 +0000
 +++ charmhelpers/contrib/hardening/apache/templates/99-hardening.conf	2017-03-22 17:54:46 +0000
@@ -15,6 +15,16 @@
    </LimitExcept>
  </Location>
++<Directory />
++    Options -Indexes -FollowSymLinks
++    AllowOverride None
++</Directory>
++
++<Directory /var/www/>
++    Options -Indexes -FollowSymLinks
++    AllowOverride None
++</Directory>
++
  TraceEnable {{ traceenable }}
  ServerTokens {{ servertokens }}