BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@114776 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-12-09 22:55:36 +00:00 committed by Sam Minnee
parent 061d2ecc0e
commit 459a524388
2 changed files with 18 additions and 7 deletions

View File

@ -1,9 +1,9 @@
<Files *.php> <FilesMatch "\.(php|php3|php4|php5|phtml|inc)$">
Deny from all Deny from all
</Files> </FilesMatch>
<Files static-main.php> <FilesMatch "(main|static-main|rpc)\.php$">
Allow from all Allow from all
</Files> </FilesMatch>
<Files main.php> <FilesMatch "silverstripe_version$">
Allow from all Deny from all
</Files> </FilesMatch>

11
web.config Normal file
View File

@ -0,0 +1,11 @@
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="silverstripe_version" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>