From cb3ea1443ee52b0e323869cdf36db658762f58c9 Mon Sep 17 00:00:00 2001
From: Raoul Bhatia <raoul@bhatia.at>
Date: Sun, 27 Oct 2013 08:34:42 +0100
Subject: Deny access to all files not containing a . (dot) to block access to
 different README, ChangeLog, etc. files of various skins and plugins. Do not
 check case for default README/INSTALL/LICENE files.

---
 .htaccess | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.htaccess b/.htaccess
index dc6e62f38..10af3094e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -28,10 +28,17 @@ RewriteEngine On
 RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
 # security rules
 RewriteRule \.git - [F]
-RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [F]
-RewriteRule ^/?(SQL|bin) - [F]
+RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F]
+RewriteRule ^/?(SQL|bin) - [NC,F]
 </IfModule>
 
+# deny access to all files not containing a "." (dot)
+# to block access to different README, ChangeLog, etc. files
+# of various skins and plugins.
+<FilesMatch "^[^\.]+$">
+Deny from all
+</FilesMatch>
+
 <IfModule mod_deflate.c>
 SetOutputFilter DEFLATE
 </IfModule>
-- 
cgit v1.2.3