mirror of https://gitlab.com/bashrc2/epicyon
Block access to config.json
parent
59243e9b58
commit
b42d03fb8a
|
@ -305,6 +305,12 @@ def daemon_http_get(self) -> None:
|
|||
http_403(self)
|
||||
return
|
||||
|
||||
# config.json should not be accessible
|
||||
if self.path.startswith('/config.json'):
|
||||
print('GET HTTP Attempt to get configuration file ' + self.path)
|
||||
http_404(self, 145)
|
||||
return
|
||||
|
||||
# php
|
||||
if self.path.endswith('.php'):
|
||||
print('GET HTTP Attempt to access PHP file ' + self.path)
|
||||
|
@ -314,7 +320,7 @@ def daemon_http_get(self) -> None:
|
|||
# py
|
||||
if self.path.endswith('.py'):
|
||||
print('GET HTTP Attempt to access Python file ' + self.path)
|
||||
http_404(self, 146)
|
||||
http_404(self, 145)
|
||||
return
|
||||
|
||||
if contains_invalid_chars(str(self.headers)):
|
||||
|
|
|
@ -116,6 +116,12 @@ def daemon_http_post(self) -> None:
|
|||
http_403(self)
|
||||
return
|
||||
|
||||
# config.json should not be accessible
|
||||
if self.path.startswith('/config.json'):
|
||||
print('POST HTTP Attempt to post configuration file ' + self.path)
|
||||
http_404(self, 146)
|
||||
return
|
||||
|
||||
# php
|
||||
if self.path.endswith('.php'):
|
||||
print('POST HTTP Attempt to access PHP file ' + self.path)
|
||||
|
|
Loading…
Reference in New Issue