
WebServer Configuration

Munir Njiru edited this page Nov 18, 2015 · 3 revisions

# Web Server Configuration

When implementing any version of the OWASP Mth3l3m3nt Framework, a little housekeeping is required in the web server configuration. Editing the host or virtual host configuration (depending on the implementation) to match the settings below is recommended. Key aspects include:

  • Denying directory listing of files
  • Allowing .htaccess overrides
  • Allowing the use of symlinks and includes; this especially affects routing in the application.

Sample Apache 2 Configuration

<Directory /var/www/>
    # no directory listing, follow symlinks and allow server-side includes (needed for routing)
    Options -Indexes +FollowSymLinks +Includes
    AllowOverride All
    # Order/Allow are the Apache 2.2 (mod_access_compat) access directives
    Order allow,deny
    Allow from all
    # Require is required for Apache 2.4.3 or higher; remove it on lower versions.
    # Apache does not accept a comment on the same line as a directive, so it sits on its own line.
    Require all granted
</Directory>
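As an added check that is not part of this wiki or of the framework itself, the following Python lint reads an Apache <Directory> block and reports the three settings listed above (listing disabled, overrides allowed, symlinks and includes enabled) plus the inline-comment mistake Apache rejects. The two sample blocks are constructed here; the check covers both the relative (+/-) and absolute forms of Options.

```python
# Constructed sample: the hardened <Directory> block this page recommends,
# in the Apache 2.4 form (Order/Allow left out).
HARDENED = """<Directory /var/www/>
    Options -Indexes +FollowSymLinks +Includes
    AllowOverride All
    Require all granted
</Directory>"""

# Constructed sample: a weak block that leaves directory listing on, blocks
# the .htaccess overrides the routing relies on, and has an inline comment.
WEAK = """<Directory /var/www/>
    Options +Indexes +FollowSymLinks
    AllowOverride None
    Require all granted # Apache rejects comments on a directive line
</Directory>"""

def _directives(block):
    """Yield (name, args) for each directive line inside a <Directory> block."""
    for line in block.splitlines():
        line = line.strip()
        if line and line[0] not in "#<":
            name, _, args = line.partition(" ")
            yield name, args.strip()

def _indexes_off(opts):
    """Relative form needs -Indexes; absolute form disables Indexes unless listed."""
    if "-Indexes" in opts:
        return True
    absolute = [o for o in opts if o[0] not in "+-"]
    return bool(absolute) and "Indexes" not in absolute

def lint_directory_block(block):
    """Return findings for the settings this page calls out; empty means OK."""
    findings, opts, override = [], [], None
    for name, args in _directives(block):
        if name == "Options":
            opts += args.split()
        elif name == "AllowOverride":
            override = args
        elif name == "Require" and "#" in args:
            findings.append("Require has an inline comment; Apache does not allow it")
    if not _indexes_off(opts):
        findings.append("directory listing not disabled (Options -Indexes missing)")
    for opt in ("FollowSymLinks", "Includes"):
        if opt not in opts and "+" + opt not in opts:
            findings.append(opt + " not enabled; framework routing may break")
    if override != "All":
        findings.append("AllowOverride is not All; .htaccess rules are ignored")
    return findings
```

Running `lint_directory_block(HARDENED)` returns no findings, while the weak block yields four.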

Sample Nginx Configuration

server {
    root /var/www/html;
    location / {
        index index.php index.html index.htm;
        # send anything that is not a real file to the front controller, keeping the query string
        try_files $uri /index.php?$query_string;
    }
    location ~ \.php$ {
        # replace ip_address:port with your PHP-FPM address (a host:port pair or a unix: socket)
        fastcgi_pass ip_address:port;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Sample IIS Configuration

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Application" stopProcessing="true">
          <match url=".*" ignoreCase="false" />
          <conditions logicalGrouping="MatchAll">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php" appendQueryString="true" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration> 

Sample Lighttpd Configuration

$HTTP["host"] =~ "www\.example\.com$" {
    # $2 captures the query string including its leading "?", so it is appended as-is
    url.rewrite-once = ( "^/(.*?)(\?.+)?$" => "/index.php/$1$2" )
    server.error-handler-404 = "/index.php"
}
