Merge branch 'ticket/igorw/10107' into develop-olympus

* ticket/igorw/10107: [ticket/10107] Add cache to the enumeration, make statement more generic [ticket/10107] Make it clear that provided httpd samples are not perfect [ticket/10107] Add a webserver section to docs/INSTALL.html
2025-02-24 12:03:21 +01:00 · 2011-03-23 20:12:14 -04:00 · 2011-03-23 20:12:14 -04:00 · c53c255c64
commit c53c255c64
parent 2f6b046f4b 0793b49212
1 changed files with 7 additions and 0 deletions
--- a/phpBB/docs/INSTALL.html
+++ b/phpBB/docs/INSTALL.html
@ -79,6 +79,7 @@
 	<li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a>
 	<ol style="list-style-type: lower-roman;">
 		<li><a href="#avatars">Uploadable avatars</a></li>
+		<li><a href="#webserver_configuration">Webserver configuration</a></li>
 	</ol>
 	</li>
 	<li><a href="#disclaimer">Disclaimer</a></li>
@ -408,6 +409,12 @@

 	<p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p>

+<a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3>
+
+	<p>Depending on your web server you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p>
+
+	<p>For <strong>apache</strong> there are <code>.htaccess</code> files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in docs directory.</p>
+
 		</div>

 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>