Apache protect more non-public folders and files (#6881)

* Apache protect more non-public folders * Also protect root * Do the same for /p/ * Simplify Require all denied In case of Apache 2.2, it will just make an error 500 instead of 403 * .htaccess.dist * Simplify * Better comment
author: Alexandre Alapetite <alexandre@alapetite.fr> 2024-10-11 09:25:43 +0200
committer: GitHub <noreply@github.com> 2024-10-11 09:25:43 +0200
commit: 91624037c7d73eb545478aab2f8abc55fc224453 (patch)
tree: c1de6a07d7e30c5e88c3de40fd152e5304722cca /.htaccess.dist
parent: b30a8fa652018025f8ccc6b361823486d04cf390 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/.htaccess.dist b/.htaccess.dist
new file mode 100644
index 000000000..8821ae1ea
--- /dev/null
+++ b/.htaccess.dist
@@ -0,0 +1,7 @@
+# Copy this file to `.htaccess` for additional root-level protection
+# if you cannot set Apache `DocumentRoot` to `./p/` as recommended.
+
+# Deny files starting with a dot, or without extension, or not in a whitelist of extensions
+<FilesMatch "^\.|^[^.]+$|\.(?!css|gif|html|ico|js|php|png|svg|txt|woff|woff2)[^.]*$">
+	Require all denied
+</FilesMatch>
author	Alexandre Alapetite <alexandre@alapetite.fr>	2024-10-11 09:25:43 +0200
committer	GitHub <noreply@github.com>	2024-10-11 09:25:43 +0200
commit	91624037c7d73eb545478aab2f8abc55fc224453 (patch)
tree	c1de6a07d7e30c5e88c3de40fd152e5304722cca /.htaccess.dist
parent	b30a8fa652018025f8ccc6b361823486d04cf390 (diff)