>> Should I disallow access to certain roundcube directories in nginx? >> I'm especially concerned about arbitrary PHP execution in the user >> upload directory > > any directory containing user uploads has execution > disabled by definition > > Apache: > <IfModule mod_php5.c> > php_flag engine off > </IfModule> > > any directory only containing libraries and no directly > accessed files has access denied by definition > > that is completly independent of roundcube or whatever webserver > that are best practices in any case and not a question > > Apache: > <IfModule !mod_version.c> > Order deny,allow > Deny from all > </IfModule> > <IfModule mod_version.c> > <IfVersion < 2.4> > Order deny,allow > Deny from all > </IfVersion> > <IfVersion >= 2.4> > Require all denied > </IfVersion> > </IfModule>
Are the default permissions you reference set via .htaccess files? - Grant _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
