From 6a8aa699d907f1faef9f7665d9f189b36bccb920 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Wed, 12 May 2021 10:44:42 +0200
Subject: [PATCH] [SOGo, Nginx] Deny access to some extensions from SOGo web ui
 to mitigate security concerns

---
 data/conf/nginx/includes/site-defaults.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/conf/nginx/includes/site-defaults.conf b/data/conf/nginx/includes/site-defaults.conf
index ae4de7b8..842e59cc 100644
--- a/data/conf/nginx/includes/site-defaults.conf
+++ b/data/conf/nginx/includes/site-defaults.conf
@@ -176,6 +176,10 @@
   }
 
   location ^~ /SOGo {
+    location ~* ^/SOGo/so/.*\.(xml|js|html|xhtml)$ {
+      return 403;
+      break;
+    }
     include /etc/nginx/conf.d/sogo_proxy_auth.active;
     include /etc/nginx/conf.d/sogo.active;
     proxy_set_header X-Real-IP $remote_addr;
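Review bot: The pattern in the new nested `location` is a denylist of four suffixes, so other file types a browser renders as active content in the same origin (for example `svg`, `htm`, `shtml`) would still be served from below `/SOGo/so/`. The commit message does not name the concern being mitigated, so this is inferred from the listed extensions. If the aim is to stop stored files from being rendered in the SOGo origin, consider `location ~* ^/SOGo/so/.*\.(xml|js|html?|xhtml|shtml|svg)$ {` after confirming SOGo itself does not need those types on that path, and add a comment above it such as `# Deny direct access to active-content file types below /SOGo/so/`. The `break;` after `return 403;` is never reached, because `return` ends request processing, and can be dropped. The enclosing `location ^~ /SOGo` block continues past the end of the hunk.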