From 88934b6132ac22da5a66724943837bf5cae82779 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 5 Nov 2013 11:20:14 +0100
Subject: Keep all security rules in one place, support Apache 2.4 syntax

---
 .htaccess | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to '.htaccess')

diff --git a/.htaccess b/.htaccess
index 10af3094e..43ab5b04f 100644
--- a/.htaccess
+++ b/.htaccess
@@ -26,17 +26,25 @@ php_value	session.gc_probability	1
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
+
 # security rules
-RewriteRule \.git - [F]
-RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F]
-RewriteRule ^/?(SQL|bin) - [NC,F]
+RewriteRule ^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
+RewriteRule /?(README(.md)?|composer\.json-dist|composer\.json|package\.xml)$ - [F]
 </IfModule>
 
 # deny access to all files not containing a "." (dot)
-# to block access to different README, ChangeLog, etc. files
-# of various skins and plugins.
+# to block access to different README, Changelog, INSTALL, etc.
+# files of various skins and plugins.
 <FilesMatch "^[^\.]+$">
-Deny from all
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all denied
+    </IfModule>
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order Allow,Deny
+        Deny from all
+    </IfModule>
 </FilesMatch>
 
 <IfModule mod_deflate.c>
-- 
cgit v1.2.3