setup neo4j config to disable load on local file

InternetHealthReport · Aug 21, 2024 · faa14c3 · faa14c3
1 parent f9481fb
commit faa14c3
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 5 deletions.
diff --git a/public/conf_notls/neo4j.conf b/public/conf_notls/neo4j.conf
@@ -206,8 +206,6 @@ server.http.enabled=true
 # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
 # clauses that load data from the file system.
 dbms.security.allow_csv_import_from_file_urls=false
-dbms.security.allow_file_urls=false
-
 
 # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS
 # connector. This defaults to '*', which allows broadest compatibility. Note
@@ -243,7 +241,7 @@ server.databases.default_to_read_only=true
 
 # A comma separated list of procedures to be loaded by default.
 # Leaving this unconfigured will load all procedures found.
-#dbms.security.procedures.allowlist=apoc.coll.*,apoc.load.*,gds.*
+dbms.security.procedures.allowlist=
 
 #********************************************************************
 # JVM Parameters

diff --git a/public/conf_tls/neo4j.conf b/public/conf_tls/neo4j.conf
@@ -206,8 +206,6 @@ dbms.ssl.policy.https.public_certificate=neo4j.cert
 # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
 # clauses that load data from the file system.
 dbms.security.allow_csv_import_from_file_urls=false
-dbms.security.allow_file_urls=false
-
 
 # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS
 # connector. This defaults to '*', which allows broadest compatibility. Note