authorRemi Collet <remi@remirepo.net>2020-03-24 11:58:47 +0100
committerRemi Collet <remi@remirepo.net>2020-03-24 11:58:47 +0100
commit5e11d323aca6b3fd9f07e5f4ca35c67719d1a265 (patch)
tree50b7f1660e7918a956637e3b2da27f8334ccc962
parentad37f18d7f07e5c09aa88174406bb986def34138 (diff)
cleanup httpd configurationHEADmaster
-rw-r--r--phpMyAdmin.htaccess40
-rw-r--r--phpMyAdmin.htaccess22103
-rw-r--r--phpMyAdmin.spec15
3 files changed, 126 insertions, 32 deletions
diff --git a/phpMyAdmin.htaccess b/phpMyAdmin.htaccess
index 4ac6cb4..5854f10 100644
--- a/phpMyAdmin.htaccess
+++ b/phpMyAdmin.htaccess
@@ -11,52 +11,30 @@ Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
- <IfModule mod_authz_core.c>
- # Apache 2.4
- Require local
- </IfModule>
- <IfModule !mod_authz_core.c>
- # Apache 2.2
- Order Deny,Allow
- Deny from All
- Allow from 127.0.0.1
- Allow from ::1
- </IfModule>
+ Require local
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
- <IfModule mod_authz_core.c>
- # Apache 2.4
- Require local
- </IfModule>
- <IfModule !mod_authz_core.c>
- # Apache 2.2
- Order Deny,Allow
- Deny from All
- Allow from 127.0.0.1
- Allow from ::1
- </IfModule>
+ Require local
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
- Order Deny,Allow
- Deny from All
- Allow from None
+ Require all denied
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/templates/>
+ Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
- Order Deny,Allow
- Deny from All
- Allow from None
+ Require all denied
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
- Order Deny,Allow
- Deny from All
- Allow from None
+ Require all denied
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
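Review bot: `Require local` on the top-level and `setup/` sections is evaluated against the address of the connecting peer, and nothing in the visible comments says so. When httpd sits behind a reverse proxy or TLS terminator on the same host, every request arrives from 127.0.0.1 and passes this check, which would leave phpMyAdmin and its setup pages reachable by anyone who can reach the proxy. I would add a comment above the first `<Directory>` block such as `# "Require local" tests the connecting peer; behind a same-host proxy, restrict access at the proxy as well`. The file's header comment lies outside this hunk, so part of this may already be covered there.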
diff --git a/phpMyAdmin.htaccess22 b/phpMyAdmin.htaccess22
new file mode 100644
index 0000000..64d7e9a
--- /dev/null
+++ b/phpMyAdmin.htaccess22
@@ -0,0 +1,103 @@
+# phpMyAdmin - Web based MySQL browser written in php
+#
+# Allows only localhost by default
+#
+# But allowing phpMyAdmin to anyone other than localhost should be considered
+# dangerous unless properly secured by SSL
+
+Alias /phpMyAdmin /usr/share/phpMyAdmin
+Alias /phpmyadmin /usr/share/phpMyAdmin
+
+<Directory /usr/share/phpMyAdmin/>
+ AddDefaultCharset UTF-8
+
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require local
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from 127.0.0.1
+ Allow from ::1
+ </IfModule>
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require local
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from 127.0.0.1
+ Allow from ::1
+ </IfModule>
+</Directory>
+
+# These directories do not require access over HTTP - taken from the original
+# phpMyAdmin upstream tarball
+#
+<Directory /usr/share/phpMyAdmin/libraries/>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all denied
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from None
+ </IfModule>
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/templates/>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all denied
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from None
+ </IfModule>
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/lib/>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all denied
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from None
+ </IfModule>
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/frames/>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all denied
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from None
+ </IfModule>
+</Directory>
+
+# This configuration prevents mod_security at phpMyAdmin directories from
+# filtering SQL etc. This may break your mod_security implementation.
+#
+#<IfModule mod_security.c>
+# <Directory /usr/share/phpMyAdmin/>
+# SecRuleInheritance Off
+# </Directory>
+#</IfModule>
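Review bot: `Allow from None` in the Apache 2.2 branches of the four deny-only sections (`libraries/`, `templates/`, `setup/lib/`, `setup/frames/`) is, as far as I know, not a keyword; mod_authz_host in 2.2 reads it as a host name to match. With `Order Deny,Allow` the Allow list is evaluated last and can override the deny, and a name-based entry makes httpd resolve the client address on requests to these paths. `Order Deny,Allow` followed by `Deny from All` already denies everything, so the `Allow from None` lines can be dropped. The same lines appear on the removed side of phpMyAdmin.htaccess, so they are carried over rather than new.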
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index 3b1c9d0..62df4c2 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -1,4 +1,5 @@
# remirepo spec file for phpMyAdmin
+# remirepo:3
#
# Copyright (c) 2008-2020 Remi Collet
#
@@ -27,7 +28,7 @@
Name: phpMyAdmin
Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}}
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A web interface for MySQL and MariaDB
# MIT (js/jquery/, js/jqplot, js/codemirror/, js/tracekit/)
@@ -40,6 +41,8 @@ Source1: https://files.phpmyadmin.net/%{name}/%{upstream_version}%{?upstream_pre
Source2: phpMyAdmin.htaccess
Source3: phpMyAdmin.nginx
Source4: https://files.phpmyadmin.net/phpmyadmin.keyring
+# remirepo:1
+Source10: phpMyAdmin.htaccess22
# Redirect to system certificates
Patch0: phpMyAdmin-certs.patch
@@ -261,7 +264,14 @@ mkdir -p %{buildroot}/%{_datadir}/%{name}
cp -ad ./* %{buildroot}/%{_datadir}/%{name}
install -Dpm 0640 CONFIG %{buildroot}/%{_sysconfdir}/%{name}/config.inc.php
# Apache
+# remirepo:4
+%if 0%{?rhel} == 6
+# old config file with Apache 2.2/2.4 compatibility
+install -Dpm 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/httpd/conf.d/phpMyAdmin.conf
+%else
install -Dpm 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/conf.d/phpMyAdmin.conf
+# remirepo:1
+%endif
# Nginx
%if %{with_nginx}
install -Dpm 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/nginx/default.d/phpMyAdmin.conf
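Review bot: The `%if 0%{?rhel} == 6` test selects the config by distribution release, while what matters is whether the target httpd provides mod_authz_core. The file installed in the `%else` branch uses bare `Require local` and `Require all denied`, which httpd 2.2 does not treat as host-based access rules, so any other 2.2-based build target would ship access controls that do not behave as intended. Whether such a target exists for this package is not visible here. A comment such as `# EL-6 is the only supported target with httpd 2.2 (no mod_authz_core)` next to the `%if` would record the assumption. The %install section starts and ends outside this hunk.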
@@ -330,6 +340,9 @@ sed -e "/'blowfish_secret'/s/MUSTBECHANGEDONINSTALL/$SECRET/" \
%changelog
+* Tue Mar 24 2020 Remi Collet <remi@remirepo.net> 5.0.2-2
+- cleanup httpd configuration
+
* Sat Mar 21 2020 Remi Collet <remi@remirepo.net> 5.0.2-1
- update to 5.0.2 (2020-03-21, security release)
- use phpmyadmin/twig-i18n-extension instead of twig/extensions