Fixed: FS#1620 - [Security] No Access in additional php.ini

tbrehm · tbrehm · commit 3a7411613dde · 2011-05-17T10:23:31.000Z
diff --git a/install/tpl/apache_ispconfig.conf.master b/install/tpl/apache_ispconfig.conf.master
@@ -20,6 +20,12 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
        Deny from all
 </Directory>
 
+<Directory /var/www/conf>
+    AllowOverride None
+    Order Deny,Allow
+    Deny from all
+</Directory>
+
 # Except of the following directories that contain website scripts
 <Directory /usr/share/phpmyadmin>
         Order allow,deny
diff --git a/server/conf/apache_ispconfig.conf.master b/server/conf/apache_ispconfig.conf.master
@@ -14,9 +14,15 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 
 # Do not allow access to the root file system of the server for security reasons
 <Directory />
-       AllowOverride None
-       Order Deny,Allow
-       Deny from all
+    AllowOverride None
+    Order Deny,Allow
+    Deny from all
+</Directory>
+
+<Directory /var/www/conf>
+    AllowOverride None
+    Order Deny,Allow
+    Deny from all
 </Directory>
 
 # Except of the following directories that contain website scripts
