Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nextcloud: Limit Nginx Paths access to relevant directories only #74

Open
JGoutin opened this issue May 31, 2023 · 0 comments
Open

nextcloud: Limit Nginx Paths access to relevant directories only #74

JGoutin opened this issue May 31, 2023 · 0 comments
Assignees
@JGoutin
Labels
enhancement New feature or request security Related to security hardening
Milestone
2.4.0

Comments

@JGoutin
Copy link
Owner

JGoutin commented May 31, 2023

Currently have full access to the /var/www/nextcloud directory. Some paths are restricted in the Nginx configuration, but should be blocked by systemd especially config that contains sensitive data.

From Nginx configuration:

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
@JGoutin JGoutin added enhancement New feature or request security Related to security hardening labels May 31, 2023
@JGoutin JGoutin self-assigned this May 31, 2023
@JGoutin JGoutin added this to the 2.2.0 milestone Jun 3, 2023
@JGoutin JGoutin modified the milestones: 2.2.0, 2.3.0 Sep 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JGoutin JGoutin

Labels
enhancement New feature or request security Related to security hardening
Projects
None yet
Milestone
2.4.0
Development

No branches or pull requests
1 participant
@JGoutin