aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.devcontainer/.htaccess1
-rw-r--r--.github/.htaccess1
-rw-r--r--.gitignore5
-rw-r--r--.htaccess.dist7
-rw-r--r--Docker/.htaccess1
-rw-r--r--app/.htaccess12
-rw-r--r--cli/.htaccess12
-rwxr-xr-xcli/prepare.php12
-rw-r--r--data/.htaccess12
-rw-r--r--docs/.htaccess1
-rw-r--r--extensions/.htaccess1
-rw-r--r--extensions/index.html13
-rw-r--r--lib/.htaccess12
-rw-r--r--lib/index.html13
-rw-r--r--p/.htaccess7
-rw-r--r--tests/.htaccess1
-rw-r--r--tests/index.html13
17 files changed, 67 insertions, 57 deletions
diff --git a/.devcontainer/.htaccess b/.devcontainer/.htaccess
new file mode 100644
index 000000000..b66e80882
--- /dev/null
+++ b/.devcontainer/.htaccess
@@ -0,0 +1 @@
+Require all denied
diff --git a/.github/.htaccess b/.github/.htaccess
new file mode 100644
index 000000000..b66e80882
--- /dev/null
+++ b/.github/.htaccess
@@ -0,0 +1 @@
+Require all denied
diff --git a/.gitignore b/.gitignore
index 2eff18708..ef4138383 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,11 @@
+/.htaccess
/bin/
+/constants.local.php
+/data.back/
/extensions/node_modules/
/extensions/vendor/
/node_modules/
/vendor/
-/data.back/
-/constants.local.php
.vscode/
diff --git a/.htaccess.dist b/.htaccess.dist
new file mode 100644
index 000000000..8821ae1ea
--- /dev/null
+++ b/.htaccess.dist
@@ -0,0 +1,7 @@
+# Copy this file to `.htaccess` for additional root-level protection
+# if you cannot set Apache `DocumentRoot` to `./p/` as recommended.
+
+# Deny files starting with a dot, or without extension, or not in a whitelist of extensions
+<FilesMatch "^\.|^[^.]+$|\.(?!css|gif|html|ico|js|php|png|svg|txt|woff|woff2)[^.]*$">
+ Require all denied
+</FilesMatch>
diff --git a/Docker/.htaccess b/Docker/.htaccess
new file mode 100644
index 000000000..b66e80882
--- /dev/null
+++ b/Docker/.htaccess
@@ -0,0 +1 @@
+Require all denied
diff --git a/app/.htaccess b/app/.htaccess
index 32eca30f7..b66e80882 100644
--- a/app/.htaccess
+++ b/app/.htaccess
@@ -1,11 +1 @@
-# Apache 2.2
-<IfModule !mod_authz_core.c>
- Order Allow,Deny
- Deny from all
- Satisfy all
-</IfModule>
-
-# Apache 2.4
-<IfModule mod_authz_core.c>
- Require all denied
-</IfModule>
+Require all denied
diff --git a/cli/.htaccess b/cli/.htaccess
index 32eca30f7..b66e80882 100644
--- a/cli/.htaccess
+++ b/cli/.htaccess
@@ -1,11 +1 @@
-# Apache 2.2
-<IfModule !mod_authz_core.c>
- Order Allow,Deny
- Deny from all
- Satisfy all
-</IfModule>
-
-# Apache 2.4
-<IfModule mod_authz_core.c>
- Require all denied
-</IfModule>
+Require all denied
diff --git a/cli/prepare.php b/cli/prepare.php
index 414b48cd8..0b9faf044 100755
--- a/cli/prepare.php
+++ b/cli/prepare.php
@@ -25,17 +25,7 @@ foreach ($dirs as $dir) {
}
file_put_contents(DATA_PATH . '/.htaccess', <<<'EOF'
-# Apache 2.2
-<IfModule !mod_authz_core.c>
- Order Allow,Deny
- Deny from all
- Satisfy all
-</IfModule>
-
-# Apache 2.4
-<IfModule mod_authz_core.c>
- Require all denied
-</IfModule>
+Require all denied
EOF
);
diff --git a/data/.htaccess b/data/.htaccess
index 32eca30f7..b66e80882 100644
--- a/data/.htaccess
+++ b/data/.htaccess
@@ -1,11 +1 @@
-# Apache 2.2
-<IfModule !mod_authz_core.c>
- Order Allow,Deny
- Deny from all
- Satisfy all
-</IfModule>
-
-# Apache 2.4
-<IfModule mod_authz_core.c>
- Require all denied
-</IfModule>
+Require all denied
diff --git a/docs/.htaccess b/docs/.htaccess
new file mode 100644
index 000000000..b66e80882
--- /dev/null
+++ b/docs/.htaccess
@@ -0,0 +1 @@
+Require all denied
diff --git a/extensions/.htaccess b/extensions/.htaccess
new file mode 100644
index 000000000..b66e80882
--- /dev/null
+++ b/extensions/.htaccess
@@ -0,0 +1 @@
+Require all denied
diff --git a/extensions/index.html b/extensions/index.html
new file mode 100644
index 000000000..85faaa37e
--- /dev/null
+++ b/extensions/index.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
+<head>
+<meta charset="UTF-8" />
+<meta http-equiv="Refresh" content="0; url=/" />
+<title>Redirection</title>
+<meta name="robots" content="noindex" />
+</head>
+
+<body>
+<p><a href="/">Redirection</a></p>
+</body>
+</html>
diff --git a/lib/.htaccess b/lib/.htaccess
index 32eca30f7..b66e80882 100644
--- a/lib/.htaccess
+++ b/lib/.htaccess
@@ -1,11 +1 @@
-# Apache 2.2
-<IfModule !mod_authz_core.c>
- Order Allow,Deny
- Deny from all
- Satisfy all
-</IfModule>
-
-# Apache 2.4
-<IfModule mod_authz_core.c>
- Require all denied
-</IfModule>
+Require all denied
diff --git a/lib/index.html b/lib/index.html
new file mode 100644
index 000000000..85faaa37e
--- /dev/null
+++ b/lib/index.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
+<head>
+<meta charset="UTF-8" />
+<meta http-equiv="Refresh" content="0; url=/" />
+<title>Redirection</title>
+<meta name="robots" content="noindex" />
+</head>
+
+<body>
+<p><a href="/">Redirection</a></p>
+</body>
+</html>
diff --git a/p/.htaccess b/p/.htaccess
index 70bc34710..94c4e08e5 100644
--- a/p/.htaccess
+++ b/p/.htaccess
@@ -1,3 +1,10 @@
+<IfModule mod_authz_core.c>
+ # Deny files starting with a dot, or without extension, or not in a whitelist of extensions
+ <FilesMatch "^\.|^[^.]+$|\.(?!css|gif|html|ico|js|php|png|svg|txt|woff|woff2)[^.]*$">
+ Require all denied
+ </FilesMatch>
+</IfModule>
+
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
diff --git a/tests/.htaccess b/tests/.htaccess
new file mode 100644
index 000000000..b66e80882
--- /dev/null
+++ b/tests/.htaccess
@@ -0,0 +1 @@
+Require all denied
diff --git a/tests/index.html b/tests/index.html
new file mode 100644
index 000000000..85faaa37e
--- /dev/null
+++ b/tests/index.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
+<head>
+<meta charset="UTF-8" />
+<meta http-equiv="Refresh" content="0; url=/" />
+<title>Redirection</title>
+<meta name="robots" content="noindex" />
+</head>
+
+<body>
+<p><a href="/">Redirection</a></p>
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 12:02:10 +0000