From 91624037c7d73eb545478aab2f8abc55fc224453 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Fri, 11 Oct 2024 09:25:43 +0200
Subject: Apache protect more non-public folders and files (#6881)

* Apache protect more non-public folders

* Also protect root

* Do the same for /p/

* Simplify Require all denied
In case of Apache 2.2, it will just make an error 500 instead of 403

* .htaccess.dist

* Simplify

* Better comment
---
 p/.htaccess | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'p')

diff --git a/p/.htaccess b/p/.htaccess
index 70bc34710..94c4e08e5 100644
--- a/p/.htaccess
+++ b/p/.htaccess
@@ -1,3 +1,10 @@
+<IfModule mod_authz_core.c>
+	# Deny files starting with a dot, or without extension, or not in a whitelist of extensions
+	<FilesMatch "^\.|^[^.]+$|\.(?!css|gif|html|ico|js|php|png|svg|txt|woff|woff2)[^.]*$">
+		Require all denied
+	</FilesMatch>
+</IfModule>
+
 <IfModule mod_dir.c>
 	DirectoryIndex	index.php index.html
 </IfModule>
-- 
cgit v1.2.3