diff options
author | Stefan Fritsch <sf@sfritsch.de> | 2016-05-28 11:43:41 +0200 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2016-05-28 11:43:41 +0200 |
commit | 423c773a6872d5ba87d07caf6ef7d73360d1c6b1 (patch) | |
tree | 7d684ef9a307a533ef419379842d53e891ad63af | |
parent | 9030f8b0232d3ecb6489bc13cc10f8134c670f7f (diff) | |
download | apache2-423c773a6872d5ba87d07caf6ef7d73360d1c6b1.tar.gz |
Remove links to manpages.debian.org in default index.html
While there, add some rel="nofollow" to other links. Also update
problematic index.html files in postinst.
-rw-r--r-- | debian/apache2.postinst | 23 | ||||
-rw-r--r-- | debian/apache2.postrm | 1 | ||||
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/index.html | 18 |
4 files changed, 35 insertions, 9 deletions
diff --git a/debian/apache2.postinst b/debian/apache2.postinst index 0b6ed2ed..9385a826 100644 --- a/debian/apache2.postinst +++ b/debian/apache2.postinst @@ -76,6 +76,21 @@ install_default_site() fi } +is_problematic_index_html () { + local FILE="$1" + [ -f "$FILE" ] || return 1 + local MD5=$(md5sum "$FILE" 2> /dev/null |cut -d' ' -f 1) || + return 1 + grep -q "$MD5" <<- EOF + 1736dfc80cf1f5a8966c096a0b094377 + 776221a94e5a174dc2396c0f3f6b6a74 + 51a41c3207374dad24ec64a0f2646bdc + c481228d439cbb54bdcedbaec5bbb11a + 3183a3d71d86bcc88aaf3ca5cbbefb45 + 74cec59a19e5d16f7cc6a2445e35fa3b + EOF +} + # XXX: This site is installed in the apache2-data package. Should the postinst # scriptlet move there too? install_default_files() @@ -98,6 +113,14 @@ install_default_files() if $do_copy ; then cp /usr/share/apache2/default-site/index.html /var/www/html/index.html fi + else + # see #821313 + for dir in /var/www /var/www/html ; do + local file=$dir/index.html + if is_problematic_index_html $file ; then + cp /usr/share/apache2/default-site/index.html $file + fi + done fi } diff --git a/debian/apache2.postrm b/debian/apache2.postrm index e525a2e2..7023734e 100644 --- a/debian/apache2.postrm +++ b/debian/apache2.postrm @@ -32,6 +32,7 @@ is_default_index_html () { 74cec59a19e5d16f7cc6a2445e35fa3b 776221a94e5a174dc2396c0f3f6b6a74 c481228d439cbb54bdcedbaec5bbb11a + 675d549372241f55964b5f886921b06d EOF } diff --git a/debian/changelog b/debian/changelog index 4525f7c1..19c9a114 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,8 @@ apache2 (2.4.20-2) UNRELEASED; urgency=medium Closes: #820824 * Fix race condition and logical error in init script. Thanks to Thomas Stangner for the patch. Closes: #822144 + * Remove links to manpages.debian.org in default index.html to avoid + broken robots doing a DoS on the site. Closes: #821313 -- Stefan Fritsch <sf@debian.org> Sat, 28 May 2016 10:58:26 +0200 diff --git a/debian/index.html b/debian/index.html index 6782988c..766401df 100644 --- a/debian/index.html +++ b/debian/index.html @@ -293,17 +293,17 @@ *-available/ counterparts. These should be managed by using our helpers <tt> - <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2enmod">a2enmod</a>, - <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2dismod">a2dismod</a>, + a2enmod, + a2dismod, </tt> <tt> - <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2ensite">a2ensite</a>, - <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2dissite">a2dissite</a>, + a2ensite, + a2dissite, </tt> and <tt> - <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2enconf">a2enconf</a>, - <a href="http://manpages.debian.org/cgi-bin/man.cgi?query=a2disconf">a2disconf</a> + a2enconf, + a2disconf </tt>. See their respective man pages for detailed information. </li> @@ -326,7 +326,7 @@ <p> By default, Debian does not allow access through the web browser to <em>any</em> file apart of those located in <tt>/var/www</tt>, - <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html">public_html</a> + <a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a> directories (when enabled) and <tt>/usr/share</tt> (for web applications). If your site is using a web document root located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your @@ -347,8 +347,8 @@ <p> Please use the <tt>reportbug</tt> tool to report bugs in the Apache2 package with Debian. However, check <a - href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0">existing - bug reports</a> before reporting a new bug. + href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;src=apache2;repeatmerged=0" + rel="nofollow">existing bug reports</a> before reporting a new bug. </p> <p> Please report bugs specific to modules (such as PHP and others) |