From cb3ea1443ee52b0e323869cdf36db658762f58c9 Mon Sep 17 00:00:00 2001
From: Raoul Bhatia <raoul@bhatia.at>
Date: Sun, 27 Oct 2013 03:35:21 -0400
Subject: [PATCH] Deny access to all files not containing a . (dot) to block access to different README, ChangeLog, etc. files of various skins and plugins. Do not check case for default README/INSTALL/LICENE files.

---
 .htaccess |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.htaccess b/.htaccess
index dc6e62f..10af309 100644
--- a/.htaccess
+++ b/.htaccess
@@ -28,10 +28,17 @@
 RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
 # security rules
 RewriteRule \.git - [F]
-RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [F]
-RewriteRule ^/?(SQL|bin) - [F]
+RewriteRule ^/?(README(.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ - [NC,F]
+RewriteRule ^/?(SQL|bin) - [NC,F]
 </IfModule>
 
+# deny access to all files not containing a "." (dot)
+# to block access to different README, ChangeLog, etc. files
+# of various skins and plugins.
+<FilesMatch "^[^\.]+$">
+Deny from all
+</FilesMatch>
+
 <IfModule mod_deflate.c>
 SetOutputFilter DEFLATE
 </IfModule>

--
Gitblit v1.9.1