Harden forum web server config
authorTom Hughes <tom@compton.nu>
Mon, 5 Sep 2016 19:24:15 +0000 (20:24 +0100)
committerTom Hughes <tom@compton.nu>
Mon, 5 Sep 2016 19:24:15 +0000 (20:24 +0100)
cookbooks/forum/templates/default/apache.erb

index 5d505363b77546cd5514b544a3eb1cff7c828505..d84b0196779a277db1618eb737263384cb801aaa 100644 (file)
        ServerAdmin webmaster@openstreetmap.org
 
        SSLEngine on
-       SSLProtocol all -SSLv2
-       SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
-       SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
-       SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
 
        CustomLog /var/log/apache2/forum.openstreetmap.org-access.log combined
        ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
 
        DocumentRoot /srv/forum.openstreetmap.org/html
+
+        php_admin_value open_basedir /srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/
+        php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"
+        php_value upload_max_filesize 70M
+        php_value post_max_size 100M
 </VirtualHost>
+
+<Directory /srv/forum.openstreetmap.org/html>
+           RewriteEngine on
+
+           RewriteRule ^config\.php$ - [F,L]
+</Directory>
+
+<Directory /srv/forum.openstreetmap.org/html/img>
+        php_admin_flag engine off
+</Directory>
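Review bot: The added `php_admin_value disable_functions "exec,shell_exec,system,passthru,popen,proc_open"` line inside the VirtualHost is unlikely to take effect, because the PHP manual states that `disable_functions` must be set in php.ini and cannot be set in httpd.conf. If this vhost runs under mod_php, the listed functions would stay callable. Set the list in php.ini (or whichever PHP configuration file the cookbook manages) and leave a comment here such as `# disable_functions is set in php.ini; PHP ignores it at vhost level`. Separately, the hunk removes `SSLCertificateFile` and `SSLCertificateKeyFile` and keeps only `SSLEngine on`, which presumably relies on server-level SSL settings defined outside this template; that is worth confirming before deploy. The VirtualHost block opens outside the hunk, so any other PHP or SSL directives in it are not visible here.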