1 (edited by baobab 2016-12-08 00:57:35)

Topic: Nginx access permissions

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

I just updated RoundCube with the recent security patch. There was some notes within the installation files about supressing webserver's access to the following directories:

/config
/temp
/logs

The notes were intended for Apache and I'm running Nginx. I looked into Nginx configuration files but couldn't find any configuration about restricting access to those folders. When I tried to access eg. mydomain/mail/logs, I got a 403 error. So it looks like access is restricted. How or where is it configured? Is there anything I should check to make sure Nginx does not have more access to the system than it needs, or is it configured to be secure by default?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Nginx access permissions

Check '.htaccess' file under those directories, also directory owner/permission, /etc/nginx/templates/roundcube.tmpl.

3

Re: Nginx access permissions

According to Nginx web page, Nginx doesn't use .htaccess: https://www.nginx.com/resources/wiki/st … -htaccess/