Block direct image downloads for private wikis

author Tom Hughes <tom@compton.nu>

Sun, 14 Dec 2014 22:14:18 +0000 (22:14 +0000)

committer Tom Hughes <tom@compton.nu>

Sun, 14 Dec 2014 22:14:18 +0000 (22:14 +0000)
author Tom Hughes <tom@compton.nu>
Sun, 14 Dec 2014 22:14:18 +0000 (22:14 +0000)
committer Tom Hughes <tom@compton.nu>
Sun, 14 Dec 2014 22:14:18 +0000 (22:14 +0000)
diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb

index dcded20ccb59c0dedcc049eb0a229f0e982be429..b37ec1b0c898f6aeadaa49ad2aa9cda391370ad1 100644 (file)
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -58,6 +58,15 @@
      php_admin_flag engine off
      Options -ExecCGI -Includes -Indexes
      AllowOverride None
+    AddType text/plain .html .htm .shtml
+<% if @mediawiki[:private] -%>
+<% if node[:lsb][:release].to_f >= 14.04 -%>
+    Require all denied
+<% else -%>
+    Order allow,deny
+    Deny from all
+<% end -%>
+<% end -%>
    </Directory>
  
    <Directory <%= @mediawiki[:directory] %>/images/thumb/>
@@ -98,13 +107,6 @@
  <% end -%>
    </Files>
  
-  <Directory <%= @mediawiki[:directory] %>/images/>
-    Options -ExecCGI -Includes -Indexes
-    AllowOverride None
-    AddType text/plain .html .htm .shtml
-    php_admin_flag engine off
-  </Directory>
-
    <Directory <%= @mediawiki[:directory] %>/cache/>
      Options -ExecCGI -Includes -Indexes
      AllowOverride None
author	Tom Hughes <tom@compton.nu>
	Sun, 14 Dec 2014 22:14:18 +0000 (22:14 +0000)
committer	Tom Hughes <tom@compton.nu>
	Sun, 14 Dec 2014 22:14:18 +0000 (22:14 +0000)