\nAllow from all\n\n\n\nAllow from all\n\n\n\nAllow from all\n\n"; $deny = "\nDeny from all\n\n\n\nDeny from all\n\n\n\nDeny from all\n\n"; // more selective allow/deny filters $allowAny = "\n" . $allow . "Satisfy any\n\n"; $allowStaticAssets = "\n" . $allow . "Satisfy any\n\n"; $denyDirectPhp = "\n" . $deny . "\n"; $directoriesToProtect = array( '/js' => $allowAny, '/libs' => $denyDirectPhp . $allowStaticAssets, '/vendor' => $denyDirectPhp . $allowStaticAssets, '/plugins' => $denyDirectPhp . $allowStaticAssets, '/misc/user' => $denyDirectPhp . $allowStaticAssets, ); foreach ($directoriesToProtect as $directoryToProtect => $content) { Filesystem::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content); } } /** * Generate IIS web.config files to restrict access * * Note: for IIS 7 and above */ public static function createWebConfigFiles() { @file_put_contents(PIWIK_INCLUDE_PATH . '/web.config', ' '); // deny direct access to .php files $directoriesToProtect = array( '/libs', '/vendor', '/plugins', ); foreach ($directoriesToProtect as $directoryToProtect) { @file_put_contents(PIWIK_INCLUDE_PATH . $directoryToProtect . '/web.config', ' '); } } /** * Generate default robots.txt, favicon.ico, etc to suppress * 404 (Not Found) errors in the web server logs, if Piwik * is installed in the web root (or top level of subdomain). * * @see misc/crossdomain.xml */ public static function createWebRootFiles() { $filesToCreate = array( '/robots.txt', '/favicon.ico', ); foreach ($filesToCreate as $file) { @file_put_contents(PIWIK_DOCUMENT_ROOT . $file, ''); } } }