Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.7-PL1
    • Fix Version/s: 3.0.8-RC1
    • Component/s: None
    • Labels:
      None

      Description

      IIS uses web.config files for per directory configuration, we should add IIS equivalents to the Apache configuration files already shipped.

        Activity

        Hide
        narqelion narqelion [X] (Inactive) added a comment -

        As I have mentioned numerous times your current package is biased towards Apache/Apache compatible httpd(s)

        me wrote: It is important to be clear that the goal is to develop an application that will install and run equally well on any specified web server environment, with no application component or design favoring one web server environment over another.

        Adding IIS configuration files is fine, so long as they are not active by default and merely available options that can be renamed should it be appropriate for the server environment. The same holds true for .htaccess files, they should not be distributed as .htaccess but instead as htaccess.txt or htaccess.conf, anything other than live configuration files at the time of upload/install. As has been proven time and time again in the support forum, distributing live configuration files in the wrong or unsupported environment wreaks havoc. More and more web hosts are locking down distributed configurations and using global directives instead. Neither .htaccess or web.config directives will work on servers where allow override is off.

        Since neither configuration type is required to secure a phpBB installation, that makes providing them optional rather than mandatory which clearly supports distributing them as optional files rather than out of the box ready.

        Show
        narqelion narqelion [X] (Inactive) added a comment - As I have mentioned numerous times your current package is biased towards Apache/Apache compatible httpd(s) me wrote: It is important to be clear that the goal is to develop an application that will install and run equally well on any specified web server environment, with no application component or design favoring one web server environment over another. Adding IIS configuration files is fine, so long as they are not active by default and merely available options that can be renamed should it be appropriate for the server environment. The same holds true for .htaccess files, they should not be distributed as .htaccess but instead as htaccess.txt or htaccess.conf, anything other than live configuration files at the time of upload/install. As has been proven time and time again in the support forum, distributing live configuration files in the wrong or unsupported environment wreaks havoc. More and more web hosts are locking down distributed configurations and using global directives instead. Neither .htaccess or web.config directives will work on servers where allow override is off. Since neither configuration type is required to secure a phpBB installation, that makes providing them optional rather than mandatory which clearly supports distributing them as optional files rather than out of the box ready.
        Hide
        ToonArmy Chris Smith added a comment -

        Haven't added a web.config to the root yet, but progress is available at: http://github.com/cs278/phpbb3/compare/develop-olympus...bug/9520

        Show
        ToonArmy Chris Smith added a comment - Haven't added a web.config to the root yet, but progress is available at: http://github.com/cs278/phpbb3/compare/develop-olympus...bug/9520
        Hide
        ToonArmy Chris Smith added a comment - - edited

        Microsoft have suggested the following for the root web.config file:

        <?xml version="1.0" encoding="UTF-8"?>
        <configuration>
            <system.webServer>
                <rewrite>
                    <rules>
                        <rule name="config.php rule" patternSyntax="Wildcard" stopProcessing="true">
                            <match url="*config.php" />
                            <action type="AbortRequest" />
                        </rule>
                        <rule name="common.php rule" patternSyntax="Wildcard" stopProcessing="true">
                            <match url="*common.php" />
                            <action type="AbortRequest" />
                        </rule>
                    </rules>
                </rewrite>
            </system.webServer>
        </configuration>
        

        Still awaiting on confirmation that IIS won't break if rewrite is unavailable, or anything else.

        Show
        ToonArmy Chris Smith added a comment - - edited Microsoft have suggested the following for the root web.config file: <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <rule name="config.php rule" patternSyntax="Wildcard" stopProcessing="true"> <match url="*config.php" /> <action type="AbortRequest" /> </rule> <rule name="common.php rule" patternSyntax="Wildcard" stopProcessing="true"> <match url="*common.php" /> <action type="AbortRequest" /> </rule> </rules> </rewrite> </system.webServer> </configuration> Still awaiting on confirmation that IIS won't break if rewrite is unavailable, or anything else.

          People

          • Assignee:
            ToonArmy Chris Smith
            Reporter:
            ToonArmy Chris Smith
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development