From 5e11d323aca6b3fd9f07e5f4ca35c67719d1a265 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 24 Mar 2020 11:58:47 +0100 Subject: cleanup httpd configuration --- phpMyAdmin.htaccess | 40 +++++--------------- phpMyAdmin.htaccess22 | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++ phpMyAdmin.spec | 15 +++++++- 3 files changed, 126 insertions(+), 32 deletions(-) create mode 100644 phpMyAdmin.htaccess22 diff --git a/phpMyAdmin.htaccess b/phpMyAdmin.htaccess index 4ac6cb4..5854f10 100644 --- a/phpMyAdmin.htaccess +++ b/phpMyAdmin.htaccess @@ -11,52 +11,30 @@ Alias /phpmyadmin /usr/share/phpMyAdmin AddDefaultCharset UTF-8 - - # Apache 2.4 - Require local - - - # Apache 2.2 - Order Deny,Allow - Deny from All - Allow from 127.0.0.1 - Allow from ::1 - + Require local - - # Apache 2.4 - Require local - - - # Apache 2.2 - Order Deny,Allow - Deny from All - Allow from 127.0.0.1 - Allow from ::1 - + Require local # These directories do not require access over HTTP - taken from the original # phpMyAdmin upstream tarball # - Order Deny,Allow - Deny from All - Allow from None + Require all denied + + + + Require all denied - Order Deny,Allow - Deny from All - Allow from None + Require all denied - Order Deny,Allow - Deny from All - Allow from None + Require all denied # This configuration prevents mod_security at phpMyAdmin directories from diff --git a/phpMyAdmin.htaccess22 b/phpMyAdmin.htaccess22 new file mode 100644 index 0000000..64d7e9a --- /dev/null +++ b/phpMyAdmin.htaccess22 @@ -0,0 +1,103 @@ +# phpMyAdmin - Web based MySQL browser written in php +# +# Allows only localhost by default +# +# But allowing phpMyAdmin to anyone other than localhost should be considered +# dangerous unless properly secured by SSL + +Alias /phpMyAdmin /usr/share/phpMyAdmin +Alias /phpmyadmin /usr/share/phpMyAdmin + + + AddDefaultCharset UTF-8 + + + # Apache 2.4 + Require local + + + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from 127.0.0.1 + Allow from ::1 + + + + + + # Apache 2.4 + Require local + + + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from 127.0.0.1 + Allow from ::1 + + + +# These directories do not require access over HTTP - taken from the original +# phpMyAdmin upstream tarball +# + + + # Apache 2.4 + Require all denied + + + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + + + + + + # Apache 2.4 + Require all denied + + + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + + + + + + # Apache 2.4 + Require all denied + + + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + + + + + + # Apache 2.4 + Require all denied + + + # Apache 2.2 + Order Deny,Allow + Deny from All + Allow from None + + + +# This configuration prevents mod_security at phpMyAdmin directories from +# filtering SQL etc. This may break your mod_security implementation. +# +# +# +# SecRuleInheritance Off +# +# diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index 3b1c9d0..62df4c2 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -1,4 +1,5 @@ # remirepo spec file for phpMyAdmin +# remirepo:3 # # Copyright (c) 2008-2020 Remi Collet # @@ -27,7 +28,7 @@ Name: phpMyAdmin Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}} -Release: 1%{?dist} +Release: 2%{?dist} Summary: A web interface for MySQL and MariaDB # MIT (js/jquery/, js/jqplot, js/codemirror/, js/tracekit/) @@ -40,6 +41,8 @@ Source1: https://files.phpmyadmin.net/%{name}/%{upstream_version}%{?upstream_pre Source2: phpMyAdmin.htaccess Source3: phpMyAdmin.nginx Source4: https://files.phpmyadmin.net/phpmyadmin.keyring +# remirepo:1 +Source10: phpMyAdmin.htaccess22 # Redirect to system certificates Patch0: phpMyAdmin-certs.patch @@ -261,7 +264,14 @@ mkdir -p %{buildroot}/%{_datadir}/%{name} cp -ad ./* %{buildroot}/%{_datadir}/%{name} install -Dpm 0640 CONFIG %{buildroot}/%{_sysconfdir}/%{name}/config.inc.php # Apache +# remirepo:4 +%if 0%{?rhel} == 6 +# old config file with Apache 2.2/2.4 compatibility +install -Dpm 0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/httpd/conf.d/phpMyAdmin.conf +%else install -Dpm 0644 %{SOURCE2} %{buildroot}/%{_sysconfdir}/httpd/conf.d/phpMyAdmin.conf +# remirepo:1 +%endif # Nginx %if %{with_nginx} install -Dpm 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/nginx/default.d/phpMyAdmin.conf @@ -330,6 +340,9 @@ sed -e "/'blowfish_secret'/s/MUSTBECHANGEDONINSTALL/$SECRET/" \ %changelog +* Tue Mar 24 2020 Remi Collet 5.0.2-2 +- cleanup httpd configuration + * Sat Mar 21 2020 Remi Collet 5.0.2-1 - update to 5.0.2 (2020-03-21, security release) - use phpmyadmin/twig-i18n-extension instead of twig/extensions -- cgit