Closed thomasdeurloo closed 4 years ago
Thanks, will add it to the nginx config
In the install example I use this as the default:
location ~ /(data|tmp|bin|content-controllers|inc|interfaces|storage-controllers|templates|tools) { deny all; return 404; }
Hi,
The folder "data" contains the sha1.csv which is containing the hashes. My folder is also containing a file called "uploads.csv" containing the logged uploads.. (I assume that the presence of this file is dependend on the parameter to log uploads). The csv files are publicly accessible to everyone. So if one knows that this system is used, he can request a full overview of the sha1 hashes, and in case of the logged uploads also the ipadresses.
To prevent this i created an .htacces file in the data folder containing
Which is blocking access to requests on csv files (as well as some others then uploaded content, just to be sure). Is this the best way of doing this?