diff options
Diffstat (limited to '.htaccess.dist')
| -rw-r--r-- | .htaccess.dist | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/.htaccess.dist b/.htaccess.dist index 18475b849..33f794673 100644 --- a/.htaccess.dist +++ b/.htaccess.dist @@ -1,7 +1,12 @@ # Copy this file to `.htaccess` for additional root-level protection # if you cannot set Apache `DocumentRoot` to `./p/` as recommended. -# Deny files starting with a dot, or without extension (except some), or not in a whitelist of extensions -<FilesMatch "^\.|^(?!oidc)[^.]+$|\.(?!css|gif|html|ico|js|php|png|svg|txt|woff|woff2)[^.]*$"> +# Deny files starting with a dot or without extension or with specific extensions +<FilesMatch "^\.|^[^.]+$|\.(config\.js|gz|json|md|neon|sqlite|xml|ya?ml|zip)$"> Require all denied </FilesMatch> + +# Deny some sub-folders, which may not be excluded by their own .htaccess +<If "%{REQUEST_URI} =~ m#/(bin|data|node_modules|vendor|\..+)(/|$)#"> + Require all denied +</If> |