[TYPO3-core] Moving files to a docs-subdir / .htaccess for "security" / nginx-configuration
Ernesto Baschny
eb at cron.eu
Mon May 5 16:27:14 CEST 2014
Stefan Neufeind schrieb am 05.05.2014 02:52:
> On 03/10/2014 10:26 AM, Benjamin Mack wrote:
>> hey,
>>
>> yeah, I agree on putting the licensing and documentation stuff to
>> Documentation/, except for the README.md - however, it's not as
>> important, as we only symlink typo3/ and index.php to the htdocs/ directory.
>>
>> First: moving the .txt files to Documentation/ does not change anything
>> in terms of security right now, so we could do this as a first step.
>> Adding a .htaccess there with a "Deny from all" should be simple and
>> effective for 80% - so let's do this as well.
>>
>> Second: Let's enhance our .htaccess with security options,and modify,
>> and document it. Adding more variants would be nice as well.
>>
>> Adding nginx configurations would be huge! Maybe we can also start some
>> more information on wiki.typo3.org about TYPO3 and nginx.
>>
>> You got my +1 :).
>
> Thanks Benni.
>
> Unfortunately the discussion-thread about a docs-subdir died quite
> early. Helmut blocked the change on forge and not many people discussed
> something.
>
> So what?!?
>
> https://review.typo3.org/28058
I guess the issue and review spend too much focus on the "security"
aspect, which was never the initial thought of having this subdirectory.
The idea was to have a common place for future "shippable documentation"
like the "nginx example configuration" (or maybe some other example
configurations in future, i.e. varnish etc).
While I think it would be cool to have this included in the release (as
you can simple "copy" the file on the server to get the setup running),
it might also be as well that we don't *want* to maintain this kind of
configuration setup in our typo3_src repository, but in the Wiki instead.
So let's first decide if we want to include nginx example config setup
and "where to draw the line" (Varnish? PHP.INI settings? ...?).
If yes, and if we decide that "docs" would be a good location for that,
just then we can also discuss about moving other existing other files
there (INSTALL.md ...).
Having them protected by .htaccess or not is just a minor implementation
detail with no impact on our current state of discussions.
Cheers,
Ernesto
More information about the TYPO3-team-core
mailing list