From: Jerome Jutteau Date: Mon, 4 Sep 2017 20:57:19 +0000 (+0200) Subject: [TASK] Add documentation about var folder protection with lighttpd X-Git-Tag: 3.3.0~3 X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/commitdiff_plain/42fe16a545b2d7ef3a476dc347594384ac41a403?ds=inline [TASK] Add documentation about var folder protection with lighttpd Signed-off-by: Jerome Jutteau --- diff --git a/README.md b/README.md index c62e252..752494c 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,14 @@ location ~ /var-.* { } ``` +If you are using lighttpd, you can deny access to ```var``` folder in your configuration: + +``` +$HTTP["url"] =~ "^/var-*" { + url.access-deny = ("") +} +``` + You should also remove un-necessessary write access once the installation is done (ex: configuration file). An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https).