Browse Source

deny requests to ^/evolinux_fpm_status-.*

pull/124/head
Ludovic Poujol 2 months ago
parent
commit
df9db31725
  1. 1
      CHANGELOG.md
  2. 15
      apache/files/evolinux-defaults.conf

1
CHANGELOG.md

@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
### Changed
* apache: rotate logs daily instead of weekly
* apache: deny requests to ^/evolinux_fpm_status-.*
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
* cerbot: use the legacy script on Debian 8 and 9
* evoacme: upstream release 21.01

15
apache/files/evolinux-defaults.conf

@ -9,16 +9,19 @@ StartServers 50
MinSpareServers 20
MaxSpareServers 30
MaxRequestsPerChild 0
<Directory /home/>
AllowOverride None
Require all granted
# "Require not env XXX" is not supported :(
Deny from env=GoAway
</Directory>
<IfModule mod_ssl.c>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>
<Files ~ "\.(inc|bak)$">
Require all denied
</Files>
@ -31,6 +34,10 @@ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>
<IfModule mpm_itk.c>
LimitUIDRange 0 6000
LimitGIDRange 0 6000
LimitUIDRange 0 6000
LimitGIDRange 0 6000
</IfModule>
<LocationMatch "^/evolinux_fpm_status-.*">
Require all denied
</LocationMatch>
Loading…
Cancel
Save