Improve .htaccess rules to make it less easy to fingerprint roundcube version

by denying access to files and stoping directory indexes (#1484066)

1 files changed, 4 insertions, 2 deletions

diff --git a/.htaccess b/.htaccess
index 704779e2e..2bc9f95ea 100644
--- a/.htaccess
+++ b/.htaccess
@@ -29,6 +29,9 @@ php_value	mbstring.func_overload	0
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteRule ^favicon.ico$ skins/default/images/favicon.ico
+# security rules
+RewriteRule .svn/ - [F]
+RewriteRule ^README|INSTALL|LICENSE|SQL|bin|CHANGELOG$ - [F]
 </IfModule>
 
 <IfModule mod_deflate.c>
@@ -46,5 +49,4 @@ ExpiresDefault "access plus 1 month"
 </IfModule>
 
 FileETag MTime Size
-
-
+Options -Indexes