indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Block access to config.json

main
Bob Mottram 2025-05-19 11:27:05 +01:00
parent 59243e9b58
commit b42d03fb8a
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
daemon_get.py
View File

@ -305,6 +305,12 @@ def daemon_http_get(self) -> None:
http_403(self) http_403(self)
return return
# config.json should not be accessible
if self.path.startswith('/config.json'):
print('GET HTTP Attempt to get configuration file ' + self.path)
http_404(self, 145)
return
# php # php
if self.path.endswith('.php'): if self.path.endswith('.php'):
print('GET HTTP Attempt to access PHP file ' + self.path) print('GET HTTP Attempt to access PHP file ' + self.path)
@ -314,7 +320,7 @@ def daemon_http_get(self) -> None:
# py # py
if self.path.endswith('.py'): if self.path.endswith('.py'):
print('GET HTTP Attempt to access Python file ' + self.path) print('GET HTTP Attempt to access Python file ' + self.path)
http_404(self, 146) http_404(self, 145)
return return
if contains_invalid_chars(str(self.headers)): if contains_invalid_chars(str(self.headers)):

6
daemon_post.py
View File

@ -116,6 +116,12 @@ def daemon_http_post(self) -> None:
http_403(self) http_403(self)
return return
# config.json should not be accessible
if self.path.startswith('/config.json'):
print('POST HTTP Attempt to post configuration file ' + self.path)
http_404(self, 146)
return
# php # php
if self.path.endswith('.php'): if self.path.endswith('.php'):
print('POST HTTP Attempt to access PHP file ' + self.path) print('POST HTTP Attempt to access PHP file ' + self.path)