From e3e3b4da58d4b08f98d4e638864d12a6321a1ad0 Mon Sep 17 00:00:00 2001
From: Celly
Date: Thu, 21 Sep 2017 17:47:37 -0400
Subject: [PATCH 1/3] Add in some exclusions form some leaky files in the admin
---
 advanced/lighttpd.conf.debian | 7 ++++++-
 advanced/lighttpd.conf.fedora | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian
index 47f6af02..10085dd8 100644
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -41,7 +41,7 @@ accesslog.format = "%{%s}t|%V|%r|%s|%b"
 index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny = ( "~", ".inc" )
+url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir = "/var/cache/lighttpd/compress/"
@@ -66,5 +66,10 @@ $HTTP["url"] =~ "^/admin/" {
 }
 }
+# Block the github files from being accessible.
+$HTTP["url"] =~ "^/admin/(.git|.gitignore|.github)" {
+ url.access-deny = ("")
+}
+
 # Add user chosen options held in external file
 include_shell "cat external.conf 2>/dev/null"
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora
index 773f0142..27a854af 100644
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -42,7 +42,7 @@ accesslog.format = "%{%s}t|%V|%r|%s|%b"
 index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny = ( "~", ".inc" )
+url.access-deny = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir = "/var/cache/lighttpd/compress/"
@@ -85,5 +85,10 @@ $HTTP["url"] =~ "^/admin/" {
 }
 }
+# Block the github files from being accessible.
+$HTTP["url"] =~ "^/admin/(.git|.gitignore|.github)" {
+ url.access-deny = ("")
+}
+
 # Add user chosen options held in external file
 include_shell "cat external.conf 2>/dev/null"
From f54a812ad5c68cf0b64d436bfc650f1a0262edfa Mon Sep 17 00:00:00 2001
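Review bot: The widened top-level `url.access-deny` list in the first debian hunk is a suffix match that applies to every URL this server handles, not only `/admin/`, although the subject line speaks of leaky files in the admin. Any `.md`, `.yml` or `.ini` file served from elsewhere under the document root is now denied as well. If that is intended, a comment above the directive would record it, for example `# Deny repo/config leftovers (*.md, *.yml, *.ini) server-wide, not only under /admin/`. If it is not, the full list belongs inside the existing `$HTTP["url"] =~ "^/admin/"` block instead. The matching hunk in `advanced/lighttpd.conf.fedora` has the same scope question.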
From: Celly
Date: Fri, 22 Sep 2017 09:27:43 -0400
Subject: [PATCH 2/3] Update access rules to block all root '.' files
---
 advanced/lighttpd.conf.debian | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian
index 10085dd8..07f0e964 100644
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -66,8 +66,8 @@ $HTTP["url"] =~ "^/admin/" {
 }
 }
-# Block the github files from being accessible.
-$HTTP["url"] =~ "^/admin/(.git|.gitignore|.github)" {
+# Block . files from being served, such as .git, .github, .gitignore
+$HTTP["url"] =~ "^/admin/\.(.*)" {
 url.access-deny = ("")
 }
From 3f20981aab1ba1d48a9c14be1c0cbae924e80dff Mon Sep 17 00:00:00 2001
From: Celly
Date: Fri, 22 Sep 2017 09:29:00 -0400
Subject: [PATCH 3/3] Update access rules to block all root '.' files
---
 advanced/lighttpd.conf.fedora | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora
index 27a854af..7b2449c6 100644
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -85,8 +85,8 @@ $HTTP["url"] =~ "^/admin/" {
 }
 }
-# Block the github files from being accessible.
-$HTTP["url"] =~ "^/admin/(.git|.gitignore|.github)" {
+# Block . files from being served, such as .git, .github, .gitignore
+$HTTP["url"] =~ "^/admin/\.(.*)" {
 url.access-deny = ("")
 }
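Review bot: The new condition `^/admin/\.(.*)` in the debian hunk only matches a dot-entry that sits directly under `/admin/`, so a hidden file or directory one level further down (a `.git` or `.htpasswd` inside a subdirectory, if the checkout ever contains one) would still be served. Matching a dot at the start of any path segment closes that gap, and the trailing `(.*)` can go since nothing uses the capture: `$HTTP["url"] =~ "^/admin/(.*/)?\." {`. The comment could then read `# Deny any dot-file or dot-directory under /admin/ (.git, .github, .gitignore, ...)`. The fedora hunk in patch 3/3 carries the identical rule and would need the same change.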