summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRaoul Bhatia <raoul@bhatia.at>2013-10-27 08:34:42 +0100
committerRaoul Bhatia <raoul@bhatia.at>2013-10-27 08:35:21 +0100
commitcb3ea1443ee52b0e323869cdf36db658762f58c9 (patch)
treec11768844d4558a4aa6ca9ea0c57ca72568aaec7
parenta0e3f127b1301dceba90b2690e20c7b6ee97e954 (diff)
Deny access to all files not containing a . (dot) to block access to different README, ChangeLog, etc. files of various skins and plugins.
Do not check case for default README/INSTALL/LICENE files.
-rw-r--r--.htaccess11
1 files changed, 9 insertions, 2 deletions
diff --git a/.htaccess b/.htaccess
index dc6e62f38..10af3094e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -28,10 +28,17 @@ RewriteEngine On
RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
# security rules
RewriteRule \.git - [F]
-RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [F]
-RewriteRule ^/?(SQL|bin) - [F]
+RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F]
+RewriteRule ^/?(SQL|bin) - [NC,F]
</IfModule>
+# deny access to all files not containing a "." (dot)
+# to block access to different README, ChangeLog, etc. files
+# of various skins and plugins.
+<FilesMatch "^[^\.]+$">
+Deny from all
+</FilesMatch>
+
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>