Merge pull request #1704 from celly/lighttpd-hide-files

Exclude files from Web Admin that should not be accessible.

advanced/lighttpd.conf.debian

@@ -41,7 +41,7 @@ accesslog.format            = "%{%s}t|%V|%r|%s|%b"
 
 
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny             = ( "~", ".inc" )
+url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
 compress.cache-dir          = "/var/cache/lighttpd/compress/"
@@ -66,5 +66,10 @@ $HTTP["url"] =~ "^/admin/" {
     }
 }
 
+# Block . files from being served, such as .git, .github, .gitignore
+$HTTP["url"] =~ "^/admin/\.(.*)" {
+     url.access-deny = ("")
+}
+
 # Add user chosen options held in external file
 include_shell "cat external.conf 2>/dev/null"

advanced/lighttpd.conf.fedora

@@ -42,7 +42,7 @@ accesslog.format            = "%{%s}t|%V|%r|%s|%b"
 
 
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny             = ( "~", ".inc" )
+url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
 compress.cache-dir          = "/var/cache/lighttpd/compress/"
@@ -85,5 +85,10 @@ $HTTP["url"] =~ "^/admin/" {
     }
 }
 
+# Block . files from being served, such as .git, .github, .gitignore
+$HTTP["url"] =~ "^/admin/\.(.*)" {
+     url.access-deny = ("")
+}
+
 # Add user chosen options held in external file
 include_shell "cat external.conf 2>/dev/null"