diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2014-04-24 10:33:58 +0400 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2014-04-24 10:33:58 +0400 |
| commit | c92a13848931a9872aad3edd281950f0dfebafeb (patch) | |
| tree | aff0b9fd5042481618267f7a9ccca133ef32bc00 /config/.htaccess | |
| parent | 435672feaa22c0fc3c8caf7f6dbaefa0edb6f5d3 (diff) | |
Preventing access to the config folder
It isn't uncommon that admins create a backup file of the config (i.e. `config.php.bak`) before performing any changes. This would allow everybody to read the backup of the configuration file which contain several secret and critical values.
I don't believe this is worth a backport or getting added to the installer. It's just a nice to have. People that create public readable backups of their configuration are the one to blame, not us :-)
Diffstat (limited to 'config/.htaccess')
| -rw-r--r-- | config/.htaccess | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/config/.htaccess b/config/.htaccess new file mode 100644 index 00000000000..2421e9a1631 --- /dev/null +++ b/config/.htaccess @@ -0,0 +1,12 @@ +# line below if for Apache 2.4 +<ifModule mod_authz_core> +Require all denied +</ifModule> + +# line below if for Apache 2.2 +<ifModule !mod_authz_core> +deny from all +</ifModule> + +# section for Apache 2.2 and 2.4 +IndexIgnore * |