BUGFIX Disallow web access to cms/silverstripe_version to avoid information leakage (from r114770)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.3@114772 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-12-09 22:52:31 +00:00 committed by Sam Minnee
parent d3906c93f5
commit f3d1b0d08c
2 changed files with 16 additions and 2 deletions

View File

@ -1,3 +1,6 @@
<Files *.php>
<FilesMatch "\.(php|php3|php4|php5|phtml|inc)$">
Deny from all
</Files>
</FilesMatch>
<FilesMatch "silverstripe_version$">
Deny from all
</FilesMatch>

11
web.config Normal file
View File

@ -0,0 +1,11 @@
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="silverstripe_version" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>