summaryrefslogtreecommitdiff
path: root/.htaccess
AgeCommit message (Collapse)Author
2014-12-16Improve system security by using optional special URL with security tokenAleksander Machniak
Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
2014-10-13Remove zend.ze1_compatibility_mode checks, it does not exist in PHP >= 5.3Aleksander Machniak
2014-05-04Support upload progress with session.upload_progress and PECL uploadprogress ↵Aleksander Machniak
module (#1488702)
2014-04-23Convert tabs to spacesAleksander Machniak
2014-04-23Set register_globals=off in .htaccess file and add note to INSTALLAleksander Machniak
2013-12-13Fix security rules in .htaccess preventing access to base URL without the ↵Aleksander Machniak
ending slash (#1489477)
2013-11-05Keep all security rules in one place, support Apache 2.4 syntaxAleksander Machniak
2013-10-27Deny access to all files not containing a . (dot) to block access to ↵Raoul Bhatia
different README, ChangeLog, etc. files of various skins and plugins. Do not check case for default README/INSTALL/LICENE files.
2013-07-28- Fix rewrite rule in .htaccess (#1489240)Aleksander Machniak
2013-07-19Update .htaccessDennis1993
Delete a bugfix for PHP4, because the current version requires at least PHP 5.2.1. The case thus never occurs.
2013-02-10Fix rewrite rule to actually prevent access to bin/ and SQL/ directoriesThomas Bruederli
2013-01-23prevent access to UPGRADING via .htaccessRaoul Bhatia
2012-08-09Replace some forgotten references to skins/default (#1488591)Thomas Bruederli
2012-05-23improve .htaccess security rules:Raoul Bhatia
1. also prevent access to .gitignore 2. make the second security rule work as expected 3. include README.md in security rules
2012-05-09Replace directory .svn/ by .git/ in security rulesAntoine Catton
2012-02-17- Escape dot in regexp (#1488357)alecpl
2011-12-25- Add ifModule statement for setting Options -Indexes in .htaccess file ↵alecpl
(#1488274)
2011-07-02Improve .htaccess rules to make it less easy to fingerprint roundcube versionalecpl
by denying access to files and stoping directory indexes (#1484066)
2010-02-18Add (inactive) session.cookie_path line to .htaccess as suggested in #1486456thomascube
2009-09-22- remove set_magic_quotes_runtime() call, use set_time_limit() with @ (#1486149)alecpl
2009-09-09 * using php_flag to turn it off (instead of php_value)till
2009-08-27Don't set php_value error_log in .htaccess by defaultthomascube
2009-07-01Remove access control from .htaccessthomascube
2009-06-19Use filemtime for cache busting + better etag for static filesthomascube
2009-06-02- disable zlib.output_compression in default configalecpl
2009-06-01- get rid of some hardcoded action names and move decission about output ↵alecpl
compression to the user
2009-05-28Speedup UI by using CSS sprites and etags/expires/deflate for static filesthomascube
2009-05-14- suhosin.session.encrypt breaks Session handling (#1485846)alecpl
2009-01-20* removed, .sh scripts are fixed, not necessary for .inctill
2009-01-09Deny access to .sh filesthomascube
2008-11-21#1485571: mbstring.func_overload forbiddenalecpl
2008-10-11#1485375, #1485491alecpl
2008-10-06#1485375: added favicon.ico redirectalecpl
2008-10-06#1485460: session.gc_* moved to main .htaccess filealecpl
2008-08-08#1485155: added zend.ze1_compatibility_mode check in installer and option ↵alecpl
disabled in .htaccess
2008-06-11-removed content for mod_php4alecpl
2008-03-03Adapt changes to .htaccess and READMEthomascube
2008-02-17make magic_quotes_gpc = 0svncommit
2008-02-16* check.php: add another check for zlib.output_compression 0till
* .htaccess: forcing it off
2008-02-02* corrected a mistake I made on my last commit when i forced auto_start to ↵till
"1", but of course it has to be "0"/off (thanks "the_glu@freenode")
2008-02-01* fixed #1484437till
* also added it to check.php
2007-12-10New class rcube_user + send message disposition notificationthomascube
2007-09-19Allow vars and PHP code in templates; improved page title; fixed #1484395thomascube
2007-09-05Fix message list selection + new pngbehavior + use strpos() instead of strstr()thomascube
2007-08-16Use IfModule directive in .htaccess (closes #1484381)thomascube
2007-08-09Fixes interface lock-up issues and minor bugs (richs)svncommit
2007-08-07Documentation, code style and cleanupthomascube
2006-07-18Fixed bugs #1364122, #1468895, ticket #1483811 and other minor bugsthomascube
2006-05-25Changed default error display to Offthomascube
2006-03-03Improved reading of POST and GET valuesthomascube