Patched CVE-2019-11043

master
bkraul 2019-10-31 11:47:52 -05:00
parent 57bde7e21f
commit b9f4dee100
1 changed files with 4 additions and 2 deletions

View File

@ -55,7 +55,8 @@ http {
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer always; add_header Referrer-Policy no-referrer always;
add_header X-Frame-Options "SAMEORIGIN";
root /var/www/html; root /var/www/html;
@ -95,7 +96,7 @@ http {
#pagespeed off; #pagespeed off;
location / { location / {
rewrite ^ /index.php$uri; rewrite ^ /index.php;
} }
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
@ -108,6 +109,7 @@ http {
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params; include fastcgi_params;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi_param HTTPS on; # fastcgi_param HTTPS on;