From: Jerome Jutteau <mojo@couak.net>
Date: Mon, 4 Sep 2017 20:57:19 +0000 (+0200)
Subject: [TASK] Add documentation about var folder protection with lighttpd
X-Git-Tag: 3.3.0~3
X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/42fe16a545b2d7ef3a476dc347594384ac41a403?ds=inline

[TASK] Add documentation about var folder protection with lighttpd

Signed-off-by: Jerome Jutteau <mojo@couak.net>
---

diff --git a/README.md b/README.md
index c62e252..752494c 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,14 @@ location ~ /var-.* {
 }
 ```
 
+If you are using lighttpd, you can deny access to ```var``` folder in your configuration:
+
+```
+$HTTP["url"] =~ "^/var-*" {
+         url.access-deny = ("")
+}
+```
+
 You should also remove un-necessessary write access once the installation is done (ex: configuration file).
 An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https).