Closed M5oul closed 9 years ago
Resolved by 4ea05fc48520ae0b61efdf35a3c020e8a94b878a
Thanks. The upgrade script should do the job?
Yes , if it copies the conf file it will do the job even thought I didnt tried.
Le 27 août 2015 00:33:28 GMT+02:00, M5oul notifications@github.com a écrit :
Thanks. The upgrade script should do the job?
Reply to this email directly or view it on GitHub: https://github.com/matlink/pluxml_ynh/issues/13#issuecomment-135196635
Matlink - sysadmin Matlink.fr
The upgrade went well. But, I still can not access my image. I do not understand why :disappointed:
what's the displayed error ? what are logs saying ?
Le 27/08/2015 16:27, M5oul a écrit :
The upgrade went well. But, I still can not access my image. I do not understand why :disappointed:
— Reply to this email directly or view it on GitHub https://github.com/matlink/pluxml_ynh/issues/13#issuecomment-135452053.
Still 403 Forbidden nginx/1.6.2
error. I can't see any interesting error logs.
I have removed those lines, and I could display images. /var/www/pluxml/data/media/
repository must be unprotected. However, I think, other repositories /var/www/pluxml/data/{articles, commentaires, configuration, index.html, statiques}
don't need to be protected. I can not access them and I get an error or I get redirected to SSO when trying to access them. It is this secure?
I think /data/configuration
needs to be protected. Even if the others are not sensitive, they don't need to be directly accessed. The index.php does the job.
Don't take the risk, better let nginx do its job of denying access instead of only SSOwat.
Can you tell me where you can't access you images ? And what are theirs URLs ?
In fact, I can access to them with those lines dropped.
Even after putting back the lines you dropped ?
Le 27/08/2015 19:22, M5oul a écrit :
In fact, I can access to them.
— Reply to this email directly or view it on GitHub https://github.com/matlink/pluxml_ynh/issues/13#issuecomment-135498237.
Matlink - Sysadmin matlink.fr
Yep, I can access to them with those lines dropped. So I finaly added this:
location YNH_EXAMPLE_FOLDER/data/configuration {
deny all;
return 403;
}
I can access my images, and I can not access configuration files.
Like I said, other directories shouldn't be unprotected, since they don't need to be directly accessed. You should keep denying access to them.
Le 27/08/2015 19:42, M5oul a écrit :
Yep, I can access to them with those lines dropped. So I finaly added this:
location YNH_EXAMPLE_FOLDER/data/configuration { deny all; return 403; }
I can access my images, and I can not access configuration files.
— Reply to this email directly or view it on GitHub https://github.com/matlink/pluxml_ynh/issues/13#issuecomment-135503802.
Matlink - Sysadmin matlink.fr
Ok, their will be many rules…
What about
location ^~ /data/medias/ {
allow all;
}
location ^~ /data/ {
deny all;
}
?
Seems great :smile:
fixed by 63093af74edee549244b7c2a3863a12c903303e6
There is an issue to access to media like an image. For instance, when I am going to
https://domain.tld/pluxml/data/medias/media.ext
, I get a403 Forbidden nginx/1.6.2
error.As I can see Nginx configuration,
/media
should be allowed. Actually, their are by default in/media
and not in/data
.Why?
May be your package is not up-to-date.