/**
* Generate IIS web.config files to restrict access
*
* Note: for IIS 7 and above
*/
public static function createWebConfigFiles()
{
if (!SettingsServer::isIIS()) {
return;
}
@file_put_contents(PIWIK_INCLUDE_PATH . '/web.config', '<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="config" />
<add segment="core" />
<add segment="lang" />
<add segment="tmp" />
</hiddenSegments>
<fileExtensions>
<add fileExtension=".tpl" allowed="false" />
<add fileExtension=".twig" allowed="false" />
<add fileExtension=".php4" allowed="false" />
<add fileExtension=".php5" allowed="false" />
<add fileExtension=".inc" allowed="false" />
<add fileExtension=".in" allowed="false" />
<add fileExtension=".csv" allowed="false" />
<add fileExtension=".pdf" allowed="false" />
<add fileExtension=".log" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
<directoryBrowse enabled="false" />
<defaultDocument>
<files>
<remove value="index.php" />
<add value="index.php" />
</files>
</defaultDocument>
<staticContent>
<remove fileExtension=".svg" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
</staticContent>
</system.webServer>
</configuration>');
// deny direct access to .php files
$directoriesToProtect = array('/libs', '/vendor', '/plugins');
foreach ($directoriesToProtect as $directoryToProtect) {
@file_put_contents(PIWIK_INCLUDE_PATH . $directoryToProtect . '/web.config', '<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<requestFiltering>
<denyUrlSequences>
<add sequence=".php" />
</denyUrlSequences>
</requestFiltering>
</security>
</system.webServer>
</configuration>');
}
}
protected static function initServerFilesForSecurity()
{
if (SettingsServer::isIIS()) {
ServerFilesGenerator::createWebConfigFiles();
} else {
ServerFilesGenerator::createHtAccessFiles();
}
ServerFilesGenerator::createWebRootFiles();
}