Block access to config.json

main
Bob Mottram 2025-05-19 11:27:05 +01:00
parent 59243e9b58
commit b42d03fb8a
2 changed files with 13 additions and 1 deletions

View File

@ -305,6 +305,12 @@ def daemon_http_get(self) -> None:
http_403(self)
return
# config.json should not be accessible
if self.path.startswith('/config.json'):
print('GET HTTP Attempt to get configuration file ' + self.path)
http_404(self, 145)
return
# php
if self.path.endswith('.php'):
print('GET HTTP Attempt to access PHP file ' + self.path)
@ -314,7 +320,7 @@ def daemon_http_get(self) -> None:
# py
if self.path.endswith('.py'):
print('GET HTTP Attempt to access Python file ' + self.path)
http_404(self, 146)
http_404(self, 145)
return
if contains_invalid_chars(str(self.headers)):

View File

@ -116,6 +116,12 @@ def daemon_http_post(self) -> None:
http_403(self)
return
# config.json should not be accessible
if self.path.startswith('/config.json'):
print('POST HTTP Attempt to post configuration file ' + self.path)
http_404(self, 146)
return
# php
if self.path.endswith('.php'):
print('POST HTTP Attempt to access PHP file ' + self.path)