diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2018-12-06 14:56:19 +0100 | 
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2018-12-06 14:56:19 +0100 | 
| commit | fc0ae167c7db24bcec6d3b3125fa610c8384ac1e (patch) | |
| tree | 6cfebfb74f6d0459623691677828e6bab3c5971f /roles/wiki/files/var | |
| parent | a98522cc7e5c1a6e64ee8b65648a005aa7494d1c (diff) | |
Roundcube: improve serving of static resources.
We only serve whitelisted extensions (css, js, png, etc.), and only for
some selected sub-directories.  Access to everything else (incl. log
files and config files) is denied with a 404.  This is unlike upstream's
.htaccess file, which blacklists restricted locations and happily serves
the rest:
    https://github.com/roundcube/roundcubemail/blob/master/.htaccess#L8
To find out which extensions exist on the file system, run
    find -L /var/lib/roundcube/{plugins,program/js,program/resources,skins} -type f \
        | sed -n 's/.*\.//p' | sort | uniq -c
Diffstat (limited to 'roles/wiki/files/var')
0 files changed, 0 insertions, 0 deletions
