diff options
| -rw-r--r-- | files/htaccess | 23 | ||||
| -rw-r--r-- | manifests/init.pp | 9 |
2 files changed, 32 insertions, 0 deletions
diff --git a/files/htaccess b/files/htaccess new file mode 100644 index 0000000..d156a1e --- /dev/null +++ b/files/htaccess @@ -0,0 +1,23 @@ +# Turn off all options we don't need. +Options None +Options +FollowSymLinks + +# Set the catch-all handler to prevent scripts from being executed. +SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 +<Files *> + # Override the handler again if we're run later in the evaluation list. + SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003 +</Files> + +# If we know how to do it safely, disable the PHP engine entirely. +<IfModule mod_php5.c> + php_flag engine off +</IfModule> +# PHP 4, Apache 1. +<IfModule mod_php4.c> + php_flag engine off +</IfModule> +# PHP 4, Apache 2. +<IfModule sapi_apache2.c> + php_flag engine off +</IfModule> diff --git a/manifests/init.pp b/manifests/init.pp index eef169a..9094988 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -108,4 +108,13 @@ class drupal( source => "puppet:///modules/drupal/themes7.make", require => File['/usr/local/share/drupal'], } + + # See https://drupal.org/SA-CORE-2013-003 + file { "/tmp/.htaccess": + ensure => present, + owner => root, + group => root, + mode => 644, + source => "puppet:///modules/drupal/htaccess", + } } |