diff options
Diffstat (limited to '.htaccess')
| -rw-r--r-- | .htaccess | 26 |
1 files changed, 8 insertions, 18 deletions
@@ -27,26 +27,16 @@ php_value session.gc_probability 1 RewriteEngine On RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico -# security rules -RewriteRule ^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] -RewriteRule /?(README(.md)?|composer\.json-dist|composer\.json|package\.xml)$ - [F] +# security rules: +# - deny access to files not containing a dot or starting with a dot +# in all locations except installer directory +RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F] +# - deny access to some locations +RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] +# - deny access to some documentation files +RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml)$ - [F] </IfModule> -# deny access to all files not containing a "." (dot) -# to block access to different README, Changelog, INSTALL, etc. -# files of various skins and plugins. -<FilesMatch "^[^\.]+$"> - # Apache 2.4 - <IfModule mod_authz_core.c> - Require all denied - </IfModule> - # Apache 2.2 - <IfModule !mod_authz_core.c> - Order Allow,Deny - Deny from all - </IfModule> -</FilesMatch> - <IfModule mod_deflate.c> SetOutputFilter DEFLATE </IfModule> |