Can anyone help me? I have installed Roundcube in my document root and the app is working very well.
However, the public is able to browse my directories. It seems that if the files are PHP they are protected by the .htaccess file,
but my log files and temp files are completely public.
What is the correct way to install Roundcube?
Can anyone define an Apache2 structure for Roundcube that is secure?
Also, is there a way to disable inline images in the message? If they are bigger than my PHP memory limit, Roundcube blows up.
I have the .htaccess file set up in tmp and logs with the following code:
Order allow,deny
Deny from all
Furthermore, you could maybe do something with mod_rewrite (http://attrition.org/attrition/how-anti-theft.html) against inline images (from outside).
This is working for me. Any corrections are welcome (I am mixing Directory and Location for historical reasons):
<Directory /srv/www/roundcube>
    <FilesMatch "(\.inc|\~)$|^_">
        Order allow,deny
        Deny from all
    </FilesMatch>
    Order deny,allow
    Allow from all
</Directory>
<Location /roundcube/temp>
    Order allow,deny
    Deny from all
</Location>
<Location /roundcube/logs>
    Order allow,deny
    Deny from all
</Location>
<Location /roundcube/config>
    Order allow,deny
    Deny from all
</Location>
I think this (improved/generalized/etc.) should be added to the INSTALLATION document, as it is preferable to htaccess (http://httpd.apache.org/docs/2.0/howto/htaccess.html#when).
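The same restrictions in Apache 2.4 syntax, as an added example that is not part of the original posts. It assumes Apache 2.4 with mod_authz_core and the /srv/www/roundcube path from the post above, uses <Directory> throughout so the deny rules follow the filesystem path rather than one URL, and turns off directory listings, which the first post reported.

```apache
# Added example, not from the thread. Assumes Apache 2.4 (mod_authz_core)
# and the install path /srv/www/roundcube used in the post above.
<Directory /srv/www/roundcube>
    # No auto-generated directory listings when an index file is missing
    Options -Indexes
    Require all granted

    # Block include files, editor backups (~) and files starting with "_"
    <FilesMatch "(\.inc|~)$|^_">
        Require all denied
    </FilesMatch>
</Directory>

# Deny by filesystem path: this applies to every URL, alias or symlink
# that resolves to these directories, which <Location> does not guarantee.
<Directory /srv/www/roundcube/temp>
    Require all denied
</Directory>

<Directory /srv/www/roundcube/logs>
    Require all denied
</Directory>

<Directory /srv/www/roundcube/config>
    Require all denied
</Directory>
```

After reloading Apache, a request for a file under temp, logs or config should return 403.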