[bugzilla-gnome-org-upstream/4.4] Bug 1121477: Support for Apache HTTPD 2.4 r=dkl, a=glob

[Andrea Veri <av src gnome org>]

commit 981729e5b625daeb9c288754865c09d5d9b2ddef
Author: Jochen Wiedmann <jochen wiedmann gmail com>
Date:   Mon Feb 2 16:34:21 2015 +0000

    Bug 1121477: Support for Apache HTTPD 2.4
    r=dkl,a=glob

 .htaccess                      |   12 ++++++-
 Bugzilla/Install/Filesystem.pm |   76 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 80 insertions(+), 8 deletions(-)
---
diff --git a/.htaccess b/.htaccess
index 3b464a4..d5bc8b2 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,6 +1,16 @@
 # Don't allow people to retrieve non-cgi executable files or our private data
 <FilesMatch (\.pm|\.pl|\.tmpl|localconfig.*)$>
-  deny from all
+  <IfModule mod_version.c>
+    <IfVersion <= 2.2>
+     Deny from all
+    </IfVersion>
+    <IfVersion > 2.2>
+      Require all denied
+    </IfVersion>
+  </IfModule>
+  <IfModule !mod_version.c>
+    Deny from all
+  </IfModule>
 </FilesMatch>
 
 Options -Indexes
diff --git a/Bugzilla/Install/Filesystem.pm b/Bugzilla/Install/Filesystem.pm
index aac447e..f84acce 100644
--- a/Bugzilla/Install/Filesystem.pm
+++ b/Bugzilla/Install/Filesystem.pm
@@ -43,7 +43,17 @@ our @EXPORT = qw(
 use constant HT_DEFAULT_DENY => <<EOT;
 # nothing in this directory is retrievable unless overridden by an .htaccess
 # in a subdirectory
-deny from all
+<IfModule mod_version.c>
+  <IfVersion <= 2.2>
+    Deny from all
+  </IfVersion>
+  <IfVersion > 2.2>
+    Require all denied
+  </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+    Deny from all
+</IfModule>
 EOT
 
 ###############
@@ -329,11 +339,31 @@ EOT
         "$graphsdir/.htaccess" => { perms => WS_SERVE, contents => <<EOT
 # Allow access to .png and .gif files.
 <FilesMatch (\\.gif|\\.png)\$>
-  Allow from all
+  <IfModule mod_version.c>
+    <IfVersion <= 2.2>
+      Allow from all
+    </IfVersion>
+    <IfVersion > 2.2>
+      Require all granted
+    </IfVersion>
+  </IfModule>
+  <IfModule !mod_version.c>
+    Allow from all
+  </IfModule>
 </FilesMatch>
 
 # And no directory listings, either.
-Deny from all
+<IfModule mod_version.c>
+  <IfVersion <= 2.2>
+    Deny from all
+  </IfVersion>
+  <IfVersion > 2.2>
+    Require all denied
+  </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+  Deny from all
+</IfModule>
 EOT
         },
 
@@ -342,17 +372,49 @@ EOT
 # if research.att.com ever changes their IP, or if you use a different
 # webdot server, you'll need to edit this
 <FilesMatch \\.dot\$>
-  Allow from 192.20.225.0/24
-  Deny from all
+  <IfModule mod_version.c>
+    <IfVersion <= 2.2>
+      Allow from 192.20.225.0/24
+      Deny from all
+    </IfVersion>
+    <IfVersion > 2.2>
+      Require ip 192.20.225.0/24
+      Require all denied
+   </IfVersion>
+  </IfModule>
+  <IfModule !mod_version.c>
+    Allow from 192.20.225.0/24
+    Deny from all
+  </IfModule>
 </FilesMatch>
 
 # Allow access to .png files created by a local copy of 'dot'
 <FilesMatch \\.png\$>
-  Allow from all
+  <IfModule mod_version.c>
+    <IfVersion <= 2.2>
+      Allow from all
+    </IfVersion>
+    <IfVersion > 2.2>
+      Require all granted
+    </IfVersion>
+  </IfModule>
+  <IfModule !mod_version.c>
+    Allow from all
+  </IfModule>
 </FilesMatch>
 
 # And no directory listings, either.
-Deny from all
+<IfModule mod_version.c>
+  <IfVersion <= 2.2>
+    Deny from all
+  </IfVersion>
+  <IfVersion > 2.2>
+    Require all denied
+  </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+  Deny from all
+</IfModule>
 EOT
         },
     );