diff options
Diffstat (limited to '.htaccess')
| -rw-r--r-- | .htaccess | 20 |
1 files changed, 14 insertions, 6 deletions
@@ -26,17 +26,25 @@ php_value session.gc_probability 1 <IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico + # security rules -RewriteRule \.git - [F] -RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F] -RewriteRule ^/?(SQL|bin) - [NC,F] +RewriteRule ^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] +RewriteRule /?(README(.md)?|composer\.json-dist|composer\.json|package\.xml)$ - [F] </IfModule> # deny access to all files not containing a "." (dot) -# to block access to different README, ChangeLog, etc. files -# of various skins and plugins. +# to block access to different README, Changelog, INSTALL, etc. +# files of various skins and plugins. <FilesMatch "^[^\.]+$"> -Deny from all + # Apache 2.4 + <IfModule mod_authz_core.c> + Require all denied + </IfModule> + # Apache 2.2 + <IfModule !mod_authz_core.c> + Order Allow,Deny + Deny from all + </IfModule> </FilesMatch> <IfModule mod_deflate.c> |