rpm/roundcubemail
SHA256
1
0
Fork 0
forked from pool/roundcubemail
Code Pull Requests Activity
48b4a88ef2
roundcubemail/roundcubemail-httpd.conf
Lars Vogdt 48b4a88ef2 Accepting request 758882 from home:lrupp:branches:server:php:applications 
Added: recommend php-imagick 

- remove more cruft from the source (like .tavis or .gitignore)
- php documentor is not needed on a productive system -> remove
- also fix /usr/bin/env calls for two vendor scripts
- skins now have some configurable files in their directories: 
  move those files over to /etc/roundcubemail/skins/
- move other text files (incl. vendor ones) out of the root 
  directory (and handle the LICENSE file a bit different)
- enable mod_filter and add AddOutputFilterByType for common media
  types like html, javascript or xml
- enable php7 on newer openSUSE versions
- enable deflate, expires, filter, headers and setenvif on a new 
  installation - do not enable any module in case of an update
- recommend php-imagick for additional features

OBS-URL: https://build.opensuse.org/request/show/758882
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/roundcubemail?expand=0&rev=128
2019-12-22 19:03:52 +00:00

358 lines
11 KiB
Plaintext
Raw Blame History

# You might want to set up a virtual host for the server, but it is
# not a requirement. You can as well reach the server under its
# common name under https://yourroundcubeserver.example.com/
#
# NameVirtualHost *
# <VirtualHost *>
# ServerName yourroundcubeserver.example.com
# DocumentRoot __ROUNDCUBEPATH__
<IfModule mod_alias.c>
Alias /roundcubemail "__ROUNDCUBEPATH__/public_html"
</IfModule>
# AddDefaultCharset UTF-8
AddType text/x-component .htc
<Directory "__ROUNDCUBEPATH__/public_html">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order allow,deny
Allow from all
</IfModule>
<IfModule mod_php5.c>
php_flag display_errors Off
php_flag log_errors On
#php_value error_log logs/errors
php_value upload_max_filesize 5M
php_value post_max_size 6M
php_value memory_limit 64M
php_flag register_globals Off
php_flag zlib.output_compression Off
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag suhosin.session.encrypt Off
#php_value session.cookie_path /
#php_value session.hash_function sha256
php_flag session.auto_start Off
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
# http://bugs.php.net/bug.php?id=30766
php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_php7.c>
php_flag display_errors Off
php_flag log_errors On
#php_value error_log logs/errors
php_value upload_max_filesize 5M
php_value post_max_size 6M
php_value memory_limit 64M
php_flag register_globals Off
php_flag zlib.output_compression Off
php_flag magic_quotes_gpc Off
php_flag magic_quotes_runtime Off
php_flag suhosin.session.encrypt Off
#php_value session.cookie_path /
#php_value session.hash_function sha256
php_flag session.auto_start Off
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
# http://bugs.php.net/bug.php?id=30766
php_value mbstring.func_overload 0
</IfModule>
<IfModule mod_rewrite.c>
Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
# security rules:
# - deny access to files not containing a dot or starting with a dot
# in all locations except installer directory
RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
# - deny access to some locations
RewriteRule ^/?(\.git|\.tx|\.md|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
# - deny access to composer binaries
RewriteRule ^/vendor\/bin\/.* - [F]
# - deny access to some documentation files
RewriteRule /?(README|INSTALL|LICENSE|CHANGELOG|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F]
# security rules
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE text/xml
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
</IfModule>
</IfModule>
<IfModule mod_headers.c>
# for better privacy/security ask browsers to not set the Referer
Header set Content-Security-Policy "referrer no-referrer"
# don't cache, please
Header merge Cache-Control public env=!NO_CACHE
<IfModule mod_ssl.c>
# HSTS - HTTP Strict Transport Security
Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
</IfModule>
# X-Xss-Protection
# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit).
Header set X-XSS-Protection "1; mode=block"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
FileETag MTime Size
<IfModule mod_autoindex.c>
Options -Indexes
</ifModule>
</Directory>
#
# Special directories
#
<Directory "__ROUNDCUBEPATH__">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/bin">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/config">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/logs">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/migration">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/migrated">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/plugins/enigma/home">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/program">
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule !^js|.*\.gif$ - [F]
</IfModule>
</Directory>
<Directory "__ROUNDCUBEPATH__/temp">
Options -FollowSymLinks
AllowOverride None
<IfModule mod_version.c>
<IfVersion < 2.4>
Order deny,allow
Deny from all
</IfVersion>
<IfVersion >= 2.4>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
#
# </VirtualHost>
View Git Blame Copy Permalink