deny remote access to elements/*html, RT#23357

[freeside.git] / htetc / freeside-base2.conf

diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf
index 1bbe90a..e981ef2 100644 (file)
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -48,6 +48,11 @@ PerlSetVar FreesideHttpOnly 1
     <Files "freeside.css">
         Satisfy any
     </Files>
+
+    <Files ~ "(\.html)$">
+        Deny from all
+        SetHandler None
+    </Files>
 </Directory>
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%/rt/Helpers/>
@@ -59,3 +64,9 @@ PerlSetVar FreesideHttpOnly 1
     Satisfy any
 </Directory>
 
+<Directory %%%FREESIDE_DOCUMENT_ROOT%%%/REST/1.0/>
+    Satisfy any
+    SetHandler perl-script
+    PerlHandler HTML::Mason
+</Directory>
+