Turn off Directory Indexes for public directory #1617

Closed
karcaw opened this issue Nov 22, 2021 · 1 comment
karcaw commented Nov 22, 2021

Having the Indexes Option on in the Apache config is frowned upon by Web Security folks:
http://cwe.mitre.org/data/definitions/548.html

Can we change:

  Alias "/public" "/var/www/ood/public"
  <Directory "/var/www/ood/public">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
  </Directory>

to

  Alias "/public" "/var/www/ood/public"
  <Directory "/var/www/ood/public">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
  </Directory>

In the default ood-portal.conf.erb?

Options Indexes FollowSymLinks
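
Added example (not part of the issue or of the Open OnDemand code base): a small Python check that flags every `Options` directive that turns directory listings on in an Apache config, run on a constructed sample built from the block quoted above. The two extra `<Directory>` paths are hypothetical, and the check reads each directive on its own rather than computing Apache's merged options.

```python
import re

# Constructed sample: the first block is the one quoted in the issue;
# the other two <Directory> paths are hypothetical.
SAMPLE_CONF = '''\
Alias "/public" "/var/www/ood/public"
<Directory "/var/www/ood/public">
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>
<Directory "/srv/example/no-listing">
  Options FollowSymLinks
</Directory>
<Directory "/srv/example/relative">
  # Options Indexes
  Options +FollowSymLinks -Indexes
</Directory>
'''

DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'</Directory\s*>', re.I)
OPTIONS = re.compile(r'Options\s+(.+)', re.I)


def find_index_listings(conf_text):
    """Return (directory, line_no, directive) for each Options line enabling Indexes."""
    findings, stack = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives have no effect
        if (m := DIR_OPEN.match(line)):
            stack.append(m.group(1))
        elif DIR_CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPTIONS.match(line)):
            tokens = [t.lower() for t in m.group(1).split()]
            # "Indexes" or "+Indexes" enables listings; "All" includes Indexes.
            if any(t in ("indexes", "+indexes", "all") for t in tokens):
                findings.append((stack[-1] if stack else "<server>", line_no, line))
    return findings


if __name__ == "__main__":
    for directory, line_no, directive in find_index_listings(SAMPLE_CONF):
        print(f"line {line_no}: {directory}: {directive}")
```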

@osc-bot osc-bot added this to the Backlog milestone Nov 22, 2021
@ghost ghost self-assigned this Nov 22, 2021
ghost pushed a commit that referenced this issue Nov 23, 2021
ghost pushed a commit that referenced this issue Nov 24, 2021
#1618)

* Removed Index from Public RootOptions as to not allow Directory Indexing - Issues #1617

* Cleaned up ood-portal.conf.erb and updated fixtures to not contain Indexes

* Updated CheckSum for ood-portal.conf.default
treydock pushed a commit that referenced this issue Nov 24, 2021
#1618)

* Removed Index from Public RootOptions as to not allow Directory Indexing - Issues #1617

* Cleaned up ood-portal.conf.erb and updated fixtures to not contain Indexes

* Updated CheckSum for ood-portal.conf.default
johrstrom pushed a commit that referenced this issue Nov 29, 2021
…#1622)

* Removed Index from Public RootOptions as to not allow Directory Index… (#1618)

* Removed Index from Public RootOptions as to not allow Directory Indexing - Issues #1617

* Cleaned up ood-portal.conf.erb and updated fixtures to not contain Indexes

* Updated CheckSum for ood-portal.conf.default

* Add checksum helper script

* Updated default's checksum

Co-authored-by: Gerald Byrket <gbyrket@osc.edu>

ghost commented Dec 20, 2021

Closing this issue, as it has been resolved and pushed to production.

@ghost ghost closed this as completed Dec 20, 2021