Changeset 1423


Ignore:
Timestamp:
03/17/18 09:10:51 (7 months ago)
Author:
gogo
Message:

Deny all access to contrib from the web (assuming an apache server).

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/contrib/.htaccess

    r1250 r1423  
    1010RemoveHandler .php4 
    1111RemoveHandler .php3 
     12 
     13# Nothing in the contrib directory should be accessed from a web browser at all 
     14# so we will setup some blanket rules to deny access 
     15 
     16# Apache < 2.3 
     17<IfModule !mod_authz_core.c> 
     18    # Deny,Allow means 
     19    #  if both match then allow, 
     20    #  else if neither match then allow, 
     21    #  else if deny matches then deny, 
     22    #  else if allow matches then allow       
     23    Order Deny,Allow 
     24    Deny from all 
     25    Allow from none 
     26</IfModule> 
     27 
     28# Apache >= 2.3 
     29<IfModule mod_authz_core.c> 
     30   
     31  # Which has the compatibility module, we will have to use 
     32  #  this also to make sure that is denied in case the 
     33  #  vhose includes old rules too which would override 
     34  #  the new Require directives 
     35  <IfModule mod_access_compat.c> 
     36    Order Deny,Allow 
     37    Deny from all 
     38    Allow from none 
     39  </IfModule> 
     40   
     41  # Finally Apache >= 2.3 properly (why did they make this so confusing) 
     42  <RequireAny> 
     43    # Deny everybody by default 
     44    Require all denied 
     45  </RequireAny> 
     46</IfModule> 
Note: See TracChangeset for help on using the changeset viewer.