Improve uploads folder security

[freescout-helpdesk]

In order to improve uploads folder security:

• If you are using Apache web server - make sure you have headers module installed. Otherwise install it:

  sudo a2enmod headers
  sudo systemctl restart apache2

• If you are using nginx web server, add the following instruction to your nginx config (THIS BLOCK OF CODE HAS TO BE INSERTED IN THE VERY SPECIFIC PLACE IN THE NGINX CONFIG: nginx configuration):

  location ~* ^/storage/.*\.((?!(jpg|jpeg|jfif|pjpeg|pjp|apng|bmp|gif|ico|cur|png|tif|tiff|webp|pdf|txt|diff|patch|json|mp3|wav|ogg|wma)).)*$ {
      add_header Content-disposition "attachment; filename=$2";
      default_type application/octet-stream;
  }   

[freescout-helpdesk]

FYI @tiredofit @nebulade

[freescout-helpdesk]

Also everyone please notice that filename=$1 changed to filename=$2 in the nginx config above.

@tiredofit @nebulade

[nebulade]

Thanks for letting us know, we use apache in the package, so we added the headers module now.

[Lars-]

Nice, all attachments return a 404 now... Edit: cache seemed to be the problem

[rosinghal]

I am using https://openlitespeed.org/, would you be able to recommend on how to get it to work?