Forums / General / ezinfo/about and other standard pages
Maarten Holland
Thursday 22 July 2004 1:20:32 am
Hi all,
I've noticed that there is a page ezinfo/about. Am I allowed to disable this page or is this a sort of copyright that must be enabled?
I also like to know if there are more of this sort of pages so I'm not publicing information without my knowledge.
Thank you,
Maarten
Ole Morten Halvorsen
Tuesday 27 July 2004 6:11:22 am
Hi Maarten,
Yes you are free to disable the ezinfo/about page if you want.If I am not mistaken you can remove this by commenting out PolicyOmitList[]=ezinfo in your site.ini file. Users wanting to view the ezinfo/about will now require permission which they don`t have by default.
Look through the kernel/ directory for different modules/views which you might not need and can disable.
Ole M.
Senior Software Engineer - Vision with Technology http://www.visionwt.com http://www.omh.cc http://www.twitter.com/omh eZ Certified Developer http://ez.no/certification/verify/358441 http://ez.no/certification/verify/272578
Tuesday 27 July 2004 7:32:42 am
Thank you Ole,
It's not that I don't want to give eZ systems the credits you deserve, but this is for a corporate page and my CEO probably doesn't want it :-(
I've disabled it using a virtual URL that maps to my root page. I'll go and check the kernel/ directory for other views.
Cheers,
Alexandre Cunha
Sunday 26 September 2004 11:56:40 am
well, creating a virtual url to overide ezinfo/<anything> doest work on ezp 3.4.2 PolicyOmitList[]=ezinfo doest work too.Any ideas without the need to dig in the php code ?
http://AlexandreCunha.com
Luc Chase
Sunday 17 April 2011 12:17:34 pm
Blocking or disabling ezinfo can be done in a couple of ways. On Apache you could add some .htaccess or RewiteRules and/or within eZ you could add some policy omit rules. But why? It's not going to make a site any more secure. Is this a way of ( not ) solving a problem that doesn't exist? What risks does this step resolve? I doubt that not announcing your version number and installed extensions is a way to secure a system. If the site is vulnerable to attack I don't think it would be because the ezinfo/about is working.Security through obscurity is not best practice... it's not even second-best. Your system needs to be made secure; even when everyone knows how it works. One reason why widely used opensource software tends towards being very secure.
The Web Application Service Provider
Heath
Sunday 17 April 2011 3:37:12 pm
Hello Martin,
You can add the following code to your site.ini override (settings/override/site.ini.append.php)
This code should disable the module view across all siteaccesses.
[SiteAccessRules]
Rules[]
Rules[]=access;enable
Rules[]=moduleall
Rules[]=access;disable
Rules[]=module;ezinfo/about
Rules[]=module;content/tipafriend
I hope this helps others. Normally I recommend against disabling this view.
Brookins Consulting | http://brookinsconsulting.com/ Certified | http://auth.ez.no/certification/verify/380350 Solutions | http://projects.ez.no/users/community/brookins_consulting eZpedia community documentation project | http://ezpedia.org
Script start
Module start 'content'
Module end 'content'
Script end
Time used to render debug report: 0.0002 secs