diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-12-13 10:04:41 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-12-13 10:04:41 +0100 |
commit | 2dade15d83b9d0b105fcb35c9edd62bfeceece16 (patch) | |
tree | bd66972e58a00e002875c20340f40c06ddf4939f /.htaccess | |
parent | 4187b3e26ff00b607d05cb9b588e83db18c3cab7 (diff) |
Fix security rules in .htaccess preventing access to base URL without the ending slash (#1489477)
Diffstat (limited to '.htaccess')
-rw-r--r-- | .htaccess | 26 |
1 files changed, 8 insertions, 18 deletions
@@ -27,26 +27,16 @@ php_value session.gc_probability 1 RewriteEngine On RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico -# security rules -RewriteRule ^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] -RewriteRule /?(README(.md)?|composer\.json-dist|composer\.json|package\.xml)$ - [F] +# security rules: +# - deny access to files not containing a dot or starting with a dot +# in all locations except installer directory +RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F] +# - deny access to some locations +RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] +# - deny access to some documentation files +RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml)$ - [F] </IfModule> -# deny access to all files not containing a "." (dot) -# to block access to different README, Changelog, INSTALL, etc. -# files of various skins and plugins. -<FilesMatch "^[^\.]+$"> - # Apache 2.4 - <IfModule mod_authz_core.c> - Require all denied - </IfModule> - # Apache 2.2 - <IfModule !mod_authz_core.c> - Order Allow,Deny - Deny from all - </IfModule> -</FilesMatch> - <IfModule mod_deflate.c> SetOutputFilter DEFLATE </IfModule> |