BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114776 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2010-12-09 22:55:36 +00:00 · 2010-12-09 22:55:36 +00:00 · 459a524388
commit 459a524388
parent 061d2ecc0e
2 changed files with 18 additions and 7 deletions
--- a/.htaccess
+++ b/.htaccess
@ -1,9 +1,9 @@
-<Files *.php>
+<FilesMatch "\.(php|php3|php4|php5|phtml|inc)$">
 	Deny from all
-</Files>
-<Files static-main.php>
+</FilesMatch>
+<FilesMatch "(main|static-main|rpc)\.php$">
 	Allow from all
-</Files>
-<Files main.php>
-	Allow from all
-</Files>
+</FilesMatch>
+<FilesMatch "silverstripe_version$">
+	Deny from all
+</FilesMatch>
--- a/web.config
+++ b/web.config
@ -0,0 +1,11 @@
+<configuration>
+	<system.webServer>
+		<security>
+			<requestFiltering>
+				<hiddenSegments>
+					<add segment="silverstripe_version" />
+				</hiddenSegments>
+			</requestFiltering>
+		</security>
+	</system.webServer>
+</configuration>