From 585ee9e1813451c5afd1d897a1d281ee39611bbd Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 07 May 2015 08:13:02 -0400
Subject: [PATCH] Improve directory protection for Apache 2.4

---
 INSTALL          |    6 ++++++
 config/.htaccess |    7 ++++++-
 temp/.htaccess   |    7 ++++++-
 logs/.htaccess   |    7 ++++++-
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/INSTALL b/INSTALL
index 0087a41..a608bd6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -169,6 +169,12 @@
 mod_rewrite for Apache webserver and double check access to the above listed
 directories and their contents is denied.
 
+NOTE: In Apache 2.4, support for .htaccess files has been disabled by
+default. Therefore you first need to enable this in your Apache main or
+virtual host config by with:
+
+ AllowOverride all
+
 
 UPGRADING
 =========
diff --git a/config/.htaccess b/config/.htaccess
index 896e680..43e24ed 100644
--- a/config/.htaccess
+++ b/config/.htaccess
@@ -1,2 +1,7 @@
 # deny webserver access to this directory
-Deny from all
+<ifModule mod_authz_core.c>
+    Require all denied
+</ifModule>
+<ifModule !mod_authz_core.c>
+    Deny from all
+</ifModule>
diff --git a/logs/.htaccess b/logs/.htaccess
index 896e680..43e24ed 100644
--- a/logs/.htaccess
+++ b/logs/.htaccess
@@ -1,2 +1,7 @@
 # deny webserver access to this directory
-Deny from all
+<ifModule mod_authz_core.c>
+    Require all denied
+</ifModule>
+<ifModule !mod_authz_core.c>
+    Deny from all
+</ifModule>
diff --git a/temp/.htaccess b/temp/.htaccess
index 896e680..43e24ed 100644
--- a/temp/.htaccess
+++ b/temp/.htaccess
@@ -1,2 +1,7 @@
 # deny webserver access to this directory
-Deny from all
+<ifModule mod_authz_core.c>
+    Require all denied
+</ifModule>
+<ifModule !mod_authz_core.c>
+    Deny from all
+</ifModule>

--
Gitblit v1.9.1