authorThomas Bruederli <thomas@roundcube.net>2013-11-07 11:39:23 +0100
committerThomas Bruederli <thomas@roundcube.net>2013-11-07 11:39:23 +0100
commit884e1ecce94a41e705856b0cae6540a171f53461 (patch)
tree8fe459e326459c4a3077af2f53d0fc21b9573ad7 /.htaccess
parent1e7d1240ed09c4abf411e9ad76eaccf93d4512c0 (diff)
parent00de8ddf8d899a8c9a9ca89009f845f88eb7a6cc (diff)
Merge branch 'master' of github.com:roundcube/roundcubemail
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess21
1 files changed, 18 insertions, 3 deletions
diff --git a/.htaccess b/.htaccess
index dc6e62f38..43ab5b04f 100644
--- a/.htaccess
+++ b/.htaccess
@@ -26,12 +26,27 @@ php_value session.gc_probability 1
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
+
# security rules
-RewriteRule \.git - [F]
-RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [F]
-RewriteRule ^/?(SQL|bin) - [F]
+RewriteRule ^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
+RewriteRule /?(README(.md)?|composer\.json-dist|composer\.json|package\.xml)$ - [F]
</IfModule>
+# deny access to all files not containing a "." (dot)
+# to block access to different README, Changelog, INSTALL, etc.
+# files of various skins and plugins.
+<FilesMatch "^[^\.]+$">
+ # Apache 2.4
+ <IfModule mod_authz_core.c>
+ Require all denied
+ </IfModule>
+ # Apache 2.2
+ <IfModule !mod_authz_core.c>
+ Order Allow,Deny
+ Deny from all
+ </IfModule>
+</FilesMatch>
+
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
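Review bot: The new directory rule (`^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(...))`) sits inside `<IfModule mod_rewrite.c>`, so on a host without mod_rewrite it is skipped silently and config, logs and temp are served again; the `<FilesMatch>` section added below only covers file names without a dot. Both RewriteRule patterns are also case-sensitive, which leaves a gap if the document root is on a case-insensitive filesystem; `[F,NC]` on the two rules would cover that. In `README(.md)?` the dot is unescaped and matches any character, where `README(\.md)?` is what the rule means. I would add a comment above the rules such as `# requires mod_rewrite; without it config/, logs/ and temp/ must be denied by other means`.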