Apache protect more non-public folders and files (#6881)

* Apache protect more non-public folders * Also protect root * Do the same for /p/ * Simplify Require all denied In case of Apache 2.2, it will just make an error 500 instead of 403 * .htaccess.dist * Simplify * Better comment
author: Alexandre Alapetite <alexandre@alapetite.fr> 2024-10-11 09:25:43 +0200
committer: GitHub <noreply@github.com> 2024-10-11 09:25:43 +0200
commit: 91624037c7d73eb545478aab2f8abc55fc224453 (patch)
tree: c1de6a07d7e30c5e88c3de40fd152e5304722cca /p
parent: b30a8fa652018025f8ccc6b361823486d04cf390 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/p/.htaccess b/p/.htaccess
index 70bc34710..94c4e08e5 100644
--- a/p/.htaccess
+++ b/p/.htaccess
@@ -1,3 +1,10 @@
+<IfModule mod_authz_core.c>
+	# Deny files starting with a dot, or without extension, or not in a whitelist of extensions
+	<FilesMatch "^\.|^[^.]+$|\.(?!css|gif|html|ico|js|php|png|svg|txt|woff|woff2)[^.]*$">
+		Require all denied
+	</FilesMatch>
+</IfModule>
+
 <IfModule mod_dir.c>
 	DirectoryIndex	index.php index.html
 </IfModule>
author	Alexandre Alapetite <alexandre@alapetite.fr>	2024-10-11 09:25:43 +0200
committer	GitHub <noreply@github.com>	2024-10-11 09:25:43 +0200
commit	91624037c7d73eb545478aab2f8abc55fc224453 (patch)
tree	c1de6a07d7e30c5e88c3de40fd152e5304722cca /p
parent	b30a8fa652018025f8ccc6b361823486d04cf390 (diff)