Checkmk Werk 13322: Limit executable php scripts to NagVis files

ID: 13322 Title: Limit executable php scripts to NagVis files Component: Site Management Level: 1 Class: Security fix Version: 2.1.0i1 Previously the web server was able to execute <tt>.php</tt> files from all locations that are callable by the user. With this change, we now limit the execution of php files to the paths we need in the default installation for NagVis. Please note: In case you intentionally installed php files in your site to access them through the site web server, you may now need to extend your sites web server configuration to make it work again as before. For example, if you installed one file to <tt>var/www/my_script.php</tt>, you can make it usable again with the following configuration <tt>etc/apache/conf.d/my_script.conf</tt>: C+: <Location "/[site_id]/my_script.php"> Options +ExecCGI </Location> C-: