summaryrefslogtreecommitdiff
path: root/.htaccess
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-11-05 00:20:13 -0800
committerAleksander Machniak <alec@alec.pl>2013-11-05 00:20:13 -0800
commit540e112bd85875fec851b521dfa1e5d12429fd47 (patch)
tree8f76c29065ea3e86cd3b07962d0d9b4a02bdcafc /.htaccess
parent5e3e4fe0c6f8e8ab1ff29ec685f127281700c953 (diff)
parentcb3ea1443ee52b0e323869cdf36db658762f58c9 (diff)
Merge pull request #148 from raoulbhatia/master
Enhance .htaccess security rules
Diffstat (limited to '.htaccess')
-rw-r--r--.htaccess11
1 files changed, 9 insertions, 2 deletions
diff --git a/.htaccess b/.htaccess
index dc6e62f38..10af3094e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -28,10 +28,17 @@ RewriteEngine On
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
# security rules
RewriteRule \.git - [F]
-RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [F]
-RewriteRule ^/?(SQL|bin) - [F]
+RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F]
+RewriteRule ^/?(SQL|bin) - [NC,F]
</IfModule>
+# deny access to all files not containing a "." (dot)
+# to block access to different README, ChangeLog, etc. files
+# of various skins and plugins.
+<FilesMatch "^[^\.]+$">
+Deny from all
+</FilesMatch>
+
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>