stackoom
  简体   繁体   中英

Should I disable mod_rails for images and stylesheets directories?

 原文  2009-09-29 14:37:03       ruby-on-rails/ configuration

Question

I had a rare error in my Rails application. A CSS file was referring to non existing image files. And missing PNG file was somehow mapped to a controller action. Fortunately the action wasn't changing DB. This seems to be not OK that missing PNG can trigger controller action.

So should I disable mod_rails for static asset directories? However I've never heard this is required for Rails apps.

2 answers

solution1
 0 ACCPTED  2009-09-29 14:42:07

It is definitely a good idea, since if you allow any kind of image upload the target destination is usually the asset directory. Normally the user can quite easily upload a php or ruby file instead, so disabling all mod_evil_script for these directories is a good idea in general.

solution2
 0  2009-09-29 15:01:55

You should be serving static assets directly via Apache anyway, because it's faster. Let Rails do what it's designed to do which is handle dynamic requests.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why does the Passenger/mod_rails documentation ask me to explicitly disable MultiViews? mod_rails and Paperclip problem Paperclip::NotIdentifiedByImageMagickError phusion passenger mod_rails on apache hanging VirtualHost problem with passenger (mod_rails) Mod_rails and mongrel running on the same server? mod_rails make: command not found How to monitor passenger / mod_rails processes? Can't install passanger mod_rails How do I figure out why my rails 3 app, using mod_rails, is so slow? is mod_rails or Phusion Passenger finally the answer to Ruby on Rails Deployment?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM