rpm/roundcubemail
SHA256
1
0
Fork 0
forked from pool/roundcubemail
Code Pull Requests Activity
3ade784f18
roundcubemail/roundcubemail-httpd.conf
Lars Vogdt 3ade784f18 Accepting request 644894 from home:lrupp:branches:server:php:applications 
- Upgrade to version 1.3.8:
  * Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
  * Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
  * Enigma: Fix deleting keys with authentication subkeys (#6381)
  * Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
  * Fix so Classic skin splitter does not escape out of window (#6397)
  * Fix XSS issue in handling invalid style tag content (#6410)
  * Fix compatibility with MySQL 8 - error on 'system' table use
  * Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
  * New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
  * Fix support for "allow-from " in x_frame_options config option (#6449)
  * Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
  * Fix multiple VCard field search (#6466)
  * Fix session issue on long running requests (#6470)
- add files with .log entry to logrotate config
- enhance apache configuration by:
  + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
  + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
  + set additional headers:
  ++ Content-Security-Policy: ask browsers to not set the referrer
  ++ Cache-Control: ask not to cache the content
  ++ Strict-Transport-Security: set HSTS rules for SSL traffic
  ++ X-XSS-Protection: configure built in reflective XSS protection
- adjust README.openSUSE: 
  + db.inc.php is not used any longer
  + flush privileges after creating/changing users in mysql
- use %%license macro on newer distributions

OBS-URL: https://build.opensuse.org/request/show/644894
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=121
2018-10-26 14:42:37 +00:00

339 lines
10 KiB
Plaintext
Raw Blame History

# You might want to set up a virtual host for the server, but it is
# not a requirement. You can as well reach the server under its
# common name under https://yourroundcubeserver.example.com/
#
# NameVirtualHost *
# <VirtualHost *>
# ServerName yourroundcubeserver.example.com
# DocumentRoot __ROUNDCUBEPATH__
<IfModule mod_alias.c>
Alias /roundcubemail "__ROUNDCUBEPATH__/public_html"
</IfModule>
# AddDefaultCharset UTF-8
AddType text/x-component .htc
<Directory "__ROUNDCUBEPATH__/public_html">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order allow,deny
Allow from all
</IfModule>
<IfModule mod_php5.c>
php_flag display_errors Off
php_flag log_errors On
#php_value error_log logs/errors
php_value upload_max_filesize 5M
php_value post_max_size 6M
php_value memory_limit 64M
php_flag register_globals Off
php_flag zlib.output_compression Off
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag suhosin.session.encrypt Off
#php_value session.cookie_path /
#php_value session.hash_function sha256
php_flag session.auto_start Off
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
# http://bugs.php.net/bug.php?id=30766
php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_php7.c>
php_flag display_errors Off
php_flag log_errors On
#php_value error_log logs/errors
php_value upload_max_filesize 5M
php_value post_max_size 6M
php_value memory_limit 64M
php_flag register_globals Off
php_flag zlib.output_compression Off
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag suhosin.session.encrypt Off
#php_value session.cookie_path /
#php_value session.hash_function sha256
php_flag session.auto_start Off
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
# http://bugs.php.net/bug.php?id=30766
php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_rewrite.c>
Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
# security rules:
# - deny access to files not containing a dot or starting with a dot
# in all locations except installer directory
RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
# - deny access to some locations
RewriteRule ^/?(\.git|\.tx|\.md|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
# - deny access to composer binaries
RewriteRule ^/vendor\/bin\/.* - [F]
# - deny access to some documentation files
RewriteRule /?(README|INSTALL|LICENSE|CHANGELOG|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
# security rules
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
<IfModule mod_headers.c>
# for better privacy/security ask browsers to not set the Referer
Header set Content-Security-Policy "referrer no-referrer"
# don't cache, please
Header merge Cache-Control public env=!NO_CACHE
<IfModule mod_ssl.c>
# HSTS - HTTP Strict Transport Security
Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
</IfModule>
# X-Xss-Protection
# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit).
Header set X-XSS-Protection "1; mode=block"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
FileETag MTime Size
<IfModule mod_autoindex.c>
Options -Indexes
</ifModule>
</Directory>
#
# Special directories
#
<Directory "__ROUNDCUBEPATH__">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/bin">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/config">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/logs">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/migration">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/migrated">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/plugins/enigma/home">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/program">
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule !^js|.*\.gif$ - [F]
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/temp">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
#
# </VirtualHost>
View Git Blame Copy Permalink