[SOGo, Nginx] Deny access to some extensions from SOGo web ui to mitigate security concerns

master
andryyy 2021-05-12 10:44:42 +02:00
parent 08e9ab18a8
commit 6a8aa699d9
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 4 additions and 0 deletions

View File

@ -176,6 +176,10 @@
} }
location ^~ /SOGo { location ^~ /SOGo {
location ~* ^/SOGo/so/.*\.(xml|js|html|xhtml)$ {
return 403;
break;
}
include /etc/nginx/conf.d/sogo_proxy_auth.active; include /etc/nginx/conf.d/sogo_proxy_auth.active;
include /etc/nginx/conf.d/sogo.active; include /etc/nginx/conf.d/sogo.active;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;