Roundcubemail devel
parent: 540e112b | patch | commit | ignore whitespace
Aleksander Machniak
2013-11-05 88934b6132ac22da5a66724943837bf5cae82779 
Keep all security rules in one place, support Apache 2.4 syntax
1 files modified
4 files deleted
30 ■■■■ changed files
.htaccess 20 ●●●● patch | view | raw | blame | history
config/.htaccess 2 ●●●●● patch | view | raw | blame | history
logs/.htaccess 2 ●●●●● patch | view | raw | blame | history
program/.htaccess 4 ●●●● patch | view | raw | blame | history
temp/.htaccess 2 ●●●●● patch | view | raw | blame | history 
 .htaccess


@@ -26,17 +26,25 @@


<IfModule mod_rewrite.c>


RewriteEngine On


RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico




# security rules


RewriteRule \.git - [F]


RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F]


RewriteRule ^/?(SQL|bin) - [NC,F]


RewriteRule ^/?(\.git|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]


RewriteRule /?(README(.md)?|composer\.json-dist|composer\.json|package\.xml)$ - [F]


</IfModule>




# deny access to all files not containing a "." (dot)


# to block access to different README, ChangeLog, etc. files


# of various skins and plugins.


# to block access to different README, Changelog, INSTALL, etc.


# files of various skins and plugins.


<FilesMatch "^[^\.]+$">


Deny from all


    # Apache 2.4


    <IfModule mod_authz_core.c>


        Require all denied


    </IfModule>


    # Apache 2.2


    <IfModule !mod_authz_core.c>


        Order Allow,Deny


        Deny from all


    </IfModule>


</FilesMatch>




<IfModule mod_deflate.c>




 config/.htaccess


File was deleted




 logs/.htaccess


File was deleted




 program/.htaccess


File was deleted




 temp/.htaccess


File was deleted