[GeoNode-users] Geonode security vulnerability
Daniel Victoria
daniel.victoria at gmail.com
Fri Feb 10 04:22:10 PST 2017
Hi Jonathan,
Thanks for the heads up. Just to be sure, by changing the geonode.conf I
won't break any other GeoNode functionality?
Cheers
Daniel
On Thu, Feb 9, 2017 at 10:10 PM, Jonathan Doig <j.doig at unsw.edu.au> wrote:
> Dear all
>
>
>
> I found this issue on my own site and am passing it on as it also affects
> a number of sites I’ve found online.
>
>
>
> The data on your Geonode site may be publicly downloadable, regardless of
> permissions, at:
>
> http://<your_geonode_host>/uploaded/layers/
>
>
>
> You need to edit /etc/apache2/sites-available/geonode.conf and remove the
> block which tells Apache to serve uploaded/layers/. It will look something
> like this:
>
>
>
> <Directory "/home/geonode/geonode/geonode/uploaded/layers/">
>     Order allow,deny
>     Options Indexes FollowSymLinks
>     Allow from all
>     Require all granted
>     IndexOptions FancyIndexing
> </Directory>
>
>
>
> Then restart Apache:
>
>
>
> sudo service apache2 restart
>
>
>
> I’ve issued a pull request <https://github.com/GeoNode/geonode/pull/2899>
> to update the install doco
> <http://docs.geonode.org/en/master/tutorials/install_and_admin/geonode_install/setup_configure_httpd.html#apache-configuration>.
> As a courtesy, I’ve also contacted the admins of sites I found through a
> “Powered by Geonode” Google search.
>
>
>
> Regards
>
> *Jonathan Doig*
>
> *Software Engineer – Spatial Systems*
>
> *City Futures Research Centre*
>
> *UNSW Built Environment *
>
> Level 3, Red Centre West Wing
>
>
>
> UNSW Sydney
>
> NSW 2052 AUSTRALIA
>
> T:+ 61 (2) 9385 5319 <+61%202%209385%205319> M: 0409 049185
>
> cityfutures.net.au <http://cityfutures.be.unsw.edu.au/>
>
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
>
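
One way to check a config for the block described in the quoted message, as an added example that is not part of the original thread or GeoNode's own tooling. The function names, the default path pattern and the second sample block are assumptions made for illustration.

```shell
#!/bin/sh
# find_open_upload_dirs CONF [PATTERN]
# Prints "<path> public=yes indexes=<yes|no>" for each <Directory> block whose
# path contains PATTERN and which grants access to everyone.
find_open_upload_dirs() {
    awk -v pat="${2:-/uploaded/layers/}" '
        /^[ \t]*#/ { next }                          # ignore comment lines
        /^[ \t]*<Directory[ \t]/ {                   # block start: extract path
            path = $0
            sub(/^[ \t]*<Directory[ \t]+"?/, "", path)
            sub(/"?[ \t]*>[ \t]*$/, "", path)
            inblk = 1; pub = 0; idx = 0
            next
        }
        inblk && /^[ \t]*<\/Directory>/ {            # block end: report
            if (pub && index(path, pat))
                printf "%s public=yes indexes=%s\n", path, (idx ? "yes" : "no")
            inblk = 0
            next
        }
        inblk {
            line = tolower($0)
            if (line ~ /require[ \t]+all[ \t]+granted/) pub = 1   # Apache 2.4
            if (line ~ /allow[ \t]+from[ \t]+all/)      pub = 1   # Apache 2.2
            if (line ~ /options[ \t].*indexes/ && line !~ /-indexes/) idx = 1
        }
    ' "$1"
}

# Constructed sample config: the block from the message plus a static-files
# block (hypothetical path) that must not be reported.
write_sample_conf() {
    cat > "$1" <<'EOF'
<Directory "/home/geonode/geonode/geonode/uploaded/layers/">
    Order allow,deny
    Options Indexes FollowSymLinks
    Allow from all
    Require all granted
    IndexOptions FancyIndexing
</Directory>
<Directory "/home/geonode/example_static/">
    Require all granted
</Directory>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
find_open_upload_dirs "$conf"
rm -f "$conf"
```

Run against /etc/apache2/sites-available/geonode.conf, no output means no public block for uploaded/layers/ remains in that file.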