some security fixes + lighttpd config sample

2025-08-23 09:27:25 +00:00 · 2015-07-02 22:44:59 +02:00 · 2015-07-02 22:44:59 +02:00 · cfc0d15ae3
commit cfc0d15ae3
parent 66d613b7ac
8 changed files with 20 additions and 44 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,6 +2,6 @@
 *.a
 stratum/stratum
 stratum/blocknotify
+stratum/config/
 *.log
 web/yaamp/runtime/*
-
--- a/README.md
+++ b/README.md
@ -20,13 +20,25 @@ Config for nginx:
 		include fastcgi_params;
 	}

-If you use apache, it should be something like (set in web/.htaccess):
+If you use apache, it should be something like (already set in web/.htaccess):

 	RewriteEngine on

 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteRule ^(.*) index.php?r=$1 [QSA]

+If you use lighttpd, use the following config:
+
+	$HTTP["host"] =~ "yiimp.ccminer.org" {
+	        server.document-root = "/var/yaamp/web"
+	        url.rewrite-if-not-file = (
+	                "^(.*)\?(.*)" => "index.php?r=$1&$2",
+	                "^(.*)" => "index.php?r=$1",
+	                "." => "index.php"
+	        )
+	}
+
+
 The recommended install folder for the stratum engine is /var/stratum. Copy all the .conf files, run.sh, the stratum binary and the blocknotify binary to this folder. 

 Some scripts are expecting the web folder to be /var/web. 
--- a/web/.htaccess
+++ b/web/.htaccess
@ -1,10 +1,6 @@
 RewriteEngine On
-
-#RewriteCond %{REQUEST_FILENAME} -s [OR]
-#RewriteCond %{REQUEST_FILENAME} -l [OR]
-#RewriteCond %{REQUEST_FILENAME} -d
-#RewriteRule ^.*$ - [NC,L]
-#RewriteRule ^.*$ index.php [NC,L]
+RewriteOptions Inherit

 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^(.*) index.php?r=$1 [QSA]
+
--- a/web/robots.txt
+++ b/web/robots.txt
@ -1,2 +1,2 @@
 User-agent: *
-
+Disallow:
--- a/web/yaamp/.htaccess
+++ b/web/yaamp/.htaccess
@ -0,0 +1,2 @@
+deny from all
+
--- a/web/yaamp/models/db_shares_vipModel.php
+++ b/web/yaamp/models/db_shares_vipModel.php
@ -1,33 +0,0 @@
-<?php
-
-class db_shares_vip extends CActiveRecord
-{
-	public static function model($className=__CLASS__)
-	{
-		return parent::model($className);
-	}
-
-	public function tableName()
-	{
-		return 'shares_vip';
-	}
-
-	public function rules()
-	{
-		return array(
-		);
-	}
-
-	public function relations()
-	{
-		return array(
-		);
-	}
-
-	public function attributeLabels()
-	{
-		return array(
-		);
-	}
-}
-
--- a/web/yaamp/yiic.php
+++ b/web/yaamp/yiic.php
@ -3,7 +3,6 @@
 if(php_sapi_name() != "cli") return;

 require_once('serverconfig.php');
-//require_once('yaamp/include.php');
 require_once('yaamp/core/core.php');
 require_once('yaamp/ui/lib/lib.php');

--- a/web/yiic
+++ b/web/yiic
@ -1,4 +1,4 @@
 #!/bin/bash

-php yiic.php $*
+php yaamp/yiic.php $*