diff options
author | Aleksander Machniak <alec@alec.pl> | 2014-12-16 13:28:48 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-12-16 13:28:48 +0100 |
commit | 681ba6fc3c296cd6cd11050531b8f4e785141786 (patch) | |
tree | 77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /.htaccess | |
parent | 53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff) |
Improve system security by using optional special URL with security token
Allows to define separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
Diffstat (limited to '.htaccess')
-rw-r--r-- | .htaccess | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -30,7 +30,7 @@ RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico # security rules: # - deny access to files not containing a dot or starting with a dot # in all locations except installer directory -RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F] +RewriteRule ^(?!installer|[a-f0-9]{16})(\.?[^\.]+)$ - [F] # - deny access to some locations RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] # - deny access to some documentation files |