#949 closed task (fixed)
Installer: Remove file that reveals unnecessary system information
| Reported by: | jbirch | Owned by: | jng |
|---|---|---|---|
| Priority: | low | Milestone: | 2.1 |
| Component: | Installer | Version: | 2.1.0 |
| Severity: | trivial | Keywords: | |
| Cc: | External ID: |
Description
This should be removed from the repo and manually extracted from the .wxs file:
/Installer/Support/Web/Apache2/htdocs/phpTest.php
I'm sure there are other things we should be doing to reduce the standard profile of a MapGuide Apache / install.
Maybe as a start, also set "ServerTokens Prod" in the server properties and "Options -Indexes" for the MapGuide directory in httpd.conf, and "expose_php = Off" in php.ini.
Attachments (1)
Change History (8)
comment:1 by , 16 years ago
| Milestone: | → 2.1 |
|---|---|
| Owner: | set to |
comment:2 by , 16 years ago
| Status: | new → assigned |
|---|
comment:3 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:4 by , 16 years ago
I'm pretty sure that DirectoryIndex is what controls which file to use as the default "index" for a particular directory. All that Options -Indexes does should be to prevent mod_autoindex from kicking in and showing visitors a directory listing via HTML.
comment:5 by , 16 years ago
If I set Option Index to the web root directory (I assume this is the directory you're talking about?), the mapviewer(php/net/java/ajax) directories will be denied access.
by , 16 years ago
| Attachment: | httpd.conf.patch added |
|---|
comment:6 by , 16 years ago
I just attached the change I made on my local install.
This prevents users from getting a directory listing of those folders, but still allows requests to:
/mapviewerajax/?....
to work properly. As far as I could tell, everything worked fine when viewing a basic layout via a preview.
Fixed in r3794. Note that the "Option Indexes" setting was not applied because this would have broke the mapviewer directories underneath.