From cf309bb12d59a0dd294c52de02e049474a0f20cd Mon Sep 17 00:00:00 2001
From: Christophe Coevoet
Date: Mon, 30 Jan 2023 16:49:51 +0100
Subject: [PATCH] Avoid blocking well-known URLs in the Apache config
---
CHANGELOG.md | 1 +
conf/apache2/heroku.conf | 2 +-
test/spec/httpd_spec.rb | 20 +++++++++++++++++++
.../log/parallel_runtime_rspec.heroku-18.log | 1 +
.../log/parallel_runtime_rspec.heroku-20.log | 1 +
.../log/parallel_runtime_rspec.heroku-22.log | 1 +
6 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 test/spec/httpd_spec.rb
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c3dd80c6..7a570af9c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ ### CHG - Do not block access to /.well-known/ in Nginx config [Christophe Coevoet, David Zuelke] +- Do not block access to /.well-known/ in Apache HTTPD config [Christophe Coevoet, David Zuelke] ## v232 (2023-03-27)
diff --git a/conf/apache2/heroku.conf b/conf/apache2/heroku.conf
index cf32ffcd5..a4db32b27 100644
--- a/conf/apache2/heroku.conf
+++ b/conf/apache2/heroku.conf
@@ -29,7 +29,7 @@ Listen ${PORT} # lock it down fully by default # if it's also the docroot, it'll be opened up again further below Require all denied - + # explicitly deny these again, merged with the docroot later Require all denied
diff --git a/test/spec/httpd_spec.rb b/test/spec/httpd_spec.rb
new file mode 100644
index 000000000..83a8ddae9
--- /dev/null
+++ b/test/spec/httpd_spec.rb
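Review bot: In conf/apache2/heroku.conf the context comment `# explicitly deny these again, merged with the docroot later` is left unchanged, although after this commit the block it describes no longer denies everything it used to. I would extend it to name the exception, e.g. `# explicitly deny these again (except /.well-known/, which must stay reachable), merged with the docroot later`. The changed directive line itself is not readable in this hunk as shown (both the removed and the added line are empty after the marker), so the pattern cannot be checked here; if the exception is expressed as a name prefix, it should be terminated so that only `.well-known` itself is exempt and other names that merely start the same way stay denied. The enclosing block starts and ends outside the hunk.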
@@ -0,0 +1,20 @@
+require_relative "spec_helper"
+
+describe "A PHP application" do
+ it "allows access to /.well-known/ with Apache HTTPD" do
+ new_app_with_stack_and_platrepo('test/fixtures/default').tap do |app|
+ app.before_deploy(:append) do
+ FileUtils.mkdir_p(".well-known/acme")
+ File.open(".well-known/acme/foo", "w+") do |f|
+ f.write 'bar'
+ end
+ File.open("Procfile", "w+") do |f|
+ f.write 'web: heroku-php-apache2'
+ end
+ end
+ app.deploy do |app|
+ expect(successful_body(app, path: '/.well-known/acme/foo')).to eq 'bar'
+ end
+ end
+ end
+end
diff --git a/test/var/log/parallel_runtime_rspec.heroku-18.log b/test/var/log/parallel_runtime_rspec.heroku-18.log
index 5681ddacf..19365bdd1 100644
--- a/test/var/log/parallel_runtime_rspec.heroku-18.log
+++ b/test/var/log/parallel_runtime_rspec.heroku-18.log
@@ -2,6 +2,7 @@ test/spec/blackfire_spec.rb:239.20765019800092 test/spec/bugs_spec.rb:45.368704143 test/spec/ci_spec.rb:274.321140925 test/spec/composer_spec.rb:90.616864848999995 +test/spec/httpd_spec.rb:18.68997263999998 test/spec/newrelic_spec.rb:86.77255344099999 test/spec/nginx_spec.rb:49.700997473 test/spec/php_7.1-apache2_boot_spec.rb:129.810977812
diff --git a/test/var/log/parallel_runtime_rspec.heroku-20.log b/test/var/log/parallel_runtime_rspec.heroku-20.log
index 3819d30cd..a32a490a6 100644
--- a/test/var/log/parallel_runtime_rspec.heroku-20.log
+++ b/test/var/log/parallel_runtime_rspec.heroku-20.log
@@ -2,6 +2,7 @@ test/spec/blackfire_spec.rb:239.20765019800092 test/spec/bugs_spec.rb:30.021669688999992 test/spec/ci_spec.rb:274.321140925 test/spec/composer_spec.rb:90.616864848999995 +test/spec/httpd_spec.rb:18.68997263999998 test/spec/newrelic_spec.rb:86.77255344099999 test/spec/nginx_spec.rb:49.700997473 test/spec/php_7.3-apache2_boot_spec.rb:135.224324281
diff --git a/test/var/log/parallel_runtime_rspec.heroku-22.log b/test/var/log/parallel_runtime_rspec.heroku-22.log
index 0fa35c1cc..bd84120f2 100644
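Review bot: The new example in test/spec/httpd_spec.rb asserts only the path that is now allowed, so nothing in it would fail if the relaxed rule in heroku.conf opened up more than `/.well-known/`. A second example should create a path the rule is presumably still meant to deny in the same `before_deploy` block, for instance `File.write(".env", "x")` (constructed sample), and assert that a request for it is still refused. Separately, the block parameter in `app.deploy do |app|` shadows the `app` yielded by `.tap do |app|`; naming the inner one differently, e.g. `app.deploy do |deployed|`, avoids the shadowing.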
--- a/test/var/log/parallel_runtime_rspec.heroku-22.log
+++ b/test/var/log/parallel_runtime_rspec.heroku-22.log
@@ -2,6 +2,7 @@ test/spec/blackfire_spec.rb:239.20765019800092 test/spec/bugs_spec.rb:30.021669688999992 test/spec/ci_spec.rb:274.321140925 test/spec/composer_spec.rb:90.616864848999995 +test/spec/httpd_spec.rb:18.68997263999998 test/spec/newrelic_spec.rb:86.77255344099999 test/spec/nginx_spec.rb:49.700997473 test/spec/php_8.1-apache2_boot_spec.rb:160.79852702099998