From 4b1d5d6e384fc5bddff8ee1c7cb35b8ea9c84bf3 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Sat, 02 Jul 2011 04:20:15 -0400
Subject: [PATCH] Improve .htaccess rules to make it less easy to fingerprint roundcube version by denying access to files and stoping directory indexes (#1484066)

---
 program/.htaccess |    4 ++++
 .htaccess         |    6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.htaccess b/.htaccess
index 704779e..2bc9f95 100644
--- a/.htaccess
+++ b/.htaccess
@@ -29,6 +29,9 @@
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteRule ^favicon.ico$ skins/default/images/favicon.ico
+# security rules
+RewriteRule .svn/ - [F]
+RewriteRule ^README|INSTALL|LICENSE|SQL|bin|CHANGELOG$ - [F]
 </IfModule>
 
 <IfModule mod_deflate.c>
@@ -46,5 +49,4 @@
 </IfModule>
 
 FileETag MTime Size
-
-
+Options -Indexes
diff --git a/program/.htaccess b/program/.htaccess
new file mode 100644
index 0000000..4ad1b9d
--- /dev/null
+++ b/program/.htaccess
@@ -0,0 +1,4 @@
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteRule !^js|.*\.gif$ - [F]
+</IfModule>

--
Gitblit v1.9.1