summaryrefslogtreecommitdiff
path: root/.htaccess
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-11-05 11:20:14 +0100
committerAleksander Machniak <alec@alec.pl>2013-11-05 11:20:14 +0100
commit88934b6132ac22da5a66724943837bf5cae82779 (patch)
tree0af09578b40943a65f80fc0da501e3427ebf0b9c /.htaccess
parent540e112bd85875fec851b521dfa1e5d12429fd47 (diff)
Keep all security rules in one place, support Apache 2.4 syntax
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess20
1 files changed, 14 insertions, 6 deletions
diff --git a/.htaccess b/.htaccess
index 10af3094e..43ab5b04f 100644
--- a/.htaccess
+++ b/.htaccess
@@ -26,17 +26,25 @@ php_value session.gc_probability 1
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
+
# security rules
-RewriteRule \.git - [F]
-RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F]
-RewriteRule ^/?(SQL|bin) - [NC,F]
+RewriteRule ^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
+RewriteRule /?(README(.md)?|composer\.json-dist|composer\.json|package\.xml)$ - [F]
</IfModule>
# deny access to all files not containing a "." (dot)
-# to block access to different README, ChangeLog, etc. files
-# of various skins and plugins.
+# to block access to different README, Changelog, INSTALL, etc.
+# files of various skins and plugins.
<FilesMatch "^[^\.]+$">
-Deny from all
+ # Apache 2.4
+ <IfModule mod_authz_core.c>
+ Require all denied
+ </IfModule>
+ # Apache 2.2
+ <IfModule !mod_authz_core.c>
+ Order Allow,Deny
+ Deny from all
+ </IfModule>
</FilesMatch>
<IfModule mod_deflate.c>