From ded453cdc41328e111a4431e93d042dbaaff388b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Dec 2015 07:22:58 -0500
Subject: [PATCH] Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
---
CHANGELOG | 1 +
.htaccess | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/.htaccess b/.htaccess
index 95e5bf4..6f1d13d 100644
--- a/.htaccess
+++ b/.htaccess
@@ -31,7 +31,7 @@
# security rules:
# - deny access to files not containing a dot or starting with a dot
# in all locations except installer directory
-RewriteRule ^(?!installer|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
+RewriteRule ^(?!installer|\.well-known\/|[a-f0-9]{16})(\.?[^\.]+)$ - [F]
# - deny access to some locations
RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
# - deny access to some documentation files
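Review bot: The comment above the changed RewriteRule still says the dot-file rule applies "in all locations except installer directory", but the new lookahead also exempts `.well-known/`, and the existing `[a-f0-9]{16}` prefix is not mentioned either. I would change the second comment line to `# in all locations except installer directory, .well-known/ and paths starting with 16 hex digits`, so that someone auditing the rules sees every exemption without decoding the regex. The exemption covers every dot-less name below `.well-known/`, so the comment should also say that the directory must hold only files meant to be public, e.g. `# (.well-known/ is served as-is; keep only public validation files there)`. As a style point, the `\/` escape is unnecessary in a mod_rewrite pattern, and a plain `/` reads more clearly.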
diff --git a/CHANGELOG b/CHANGELOG
index 2074821..3f7cbd9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@
- Fix so Installer requires PHP5
- Make brute force attacks harder by re-generating security token on every failed login (#1490549)
- Slow down brute-force attacks by waiting for a second after failed login (#1490549)
+- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
--
Gitblit v1.9.1