Disable file browsing #5922
Disable file browsing #5922
Conversation
|
I think it make better sense to make this change in public/.htaccess file to fix current installations. |
|
I would really prefer to not mess with the primary htaccess if possible. That's a file that some folks have customized (with https redirects, etc), and really this should be handled via web server configs. To keep it simpler, we can just put index.html files in the dirs if we really feel like that's something we should be handling, versus it being handled via server config. |
|
In that case, the .htaccess file is out of the question, I do agree with this being managed from the server side, do you foresee any challenges with keeping this change in the virtual host? This will only affect future installations using the install.sh script. |
|
Should be fine, yeah. |
|
You may want to also update that here: https://snipe-it.readme.io/docs/linuxosx From memory that is where i got the virtualhost setup from. |
|
@tiagom62 thanks, plan to update some docs during the weekend. |
|
@tiagom62 document updated |
| @@ -20,6 +20,7 @@ vim \ | |||
| git \ | |||
| cron \ | |||
| mysql-client \ | |||
| cron \ | |||
There was a problem hiding this comment.
cron is already present, just two lines above this.
Currently, the public directory can be accessible from the browser, although there is no sensitive data in this directory, it will be best to restrict driectory browsing from the virtual host.