Merge pull request #9 from twindscheif/patch-1

Update security.rst
sysPass · Jul 20, 2019 · 00e3ee3 · 00e3ee3
2 parents f5d36fb + 1f89153
commit 00e3ee3
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/docs/source/application/security.rst b/docs/source/application/security.rst
@@ -18,7 +18,7 @@ In order to limit the access to the directories through Apache, '.htaccess' file
 
 .. code:: Apache
 
-  # Apache 2.4
+  # Apache 2.4 (after 2.4.16)
   <Directory "/var/www/html/sysPass">
     Options -Indexes -FollowSymLinks -Includes -ExecCGI
     <RequireAny>
@@ -32,5 +32,22 @@ In order to limit the access to the directories through Apache, '.htaccess' file
     Require all granted
   </Directory>
 
+.. code:: Apache
+
+  # Apache 2.4 (before 2.4.16)
+  <Directory "/var/www/html/sysPass">
+    Options -Indexes -FollowSymLinks -Includes -ExecCGI
+    <RequireAny>
+        Require expr %{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#
+        Require expr %{REQUEST_URI} =~ m#.*/api\.php$#
+        Require expr %{REQUEST_URI} =~ m#^$#
+    </RequireAny>
+  </Directory>
+
+  <Directory "/var/www/html/sysPass/public">
+    Require all granted
+  </Directory>
+
+
 .. danger::
   'app/config' directory shouldn't be accessible through the web server, it could reveal private data.