[TASK] Add documentation about var folder protection with lighttpd

[jirafeau_mojo42.git] / README.md

diff --git a/README.md b/README.md
index d9ac583649a46980270172e52b995ee3a8ae300d..752494cfbbfec91c914e4161999ad35b043eba70 100644 (file)
--- a/README.md
+++ b/README.md
@@ -55,6 +55,10 @@ Jirafeau project won't evolve to a file manager and will focus to keep a very fe
 
 ## Installation
 
+This shows how to install Jirafeau by your own, it's quite simple but you can
+also use a [docker image](https://hub.docker.com/r/mojo42/jirafeau/) or build
+it yourself. Check [docker folder](docker/README.md) for more informations.
+
 System requirements:
 - PHP >= 5.6
 - Optional, but recommended: Git >= 2.7
@@ -139,6 +143,14 @@ location ~ /var-.* {
 }
 ```
 
+If you are using lighttpd, you can deny access to ```var``` folder in your configuration:
+
+```
+$HTTP["url"] =~ "^/var-*" {
+         url.access-deny = ("")
+}
+```
+
 You should also remove un-necessessary write access once the installation is done (ex: configuration file).
 An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https).