BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114774 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-12-09 22:54:18 +00:00 committed by Sam Minnee
parent 397bbe7bb5
commit 872e188268
2 changed files with 14 additions and 0 deletions

View File

@ -3,4 +3,7 @@
</FilesMatch>
<FilesMatch "(main|static-main|rpc)\.php$">
Allow from all
</FilesMatch>
<FilesMatch "silverstripe_version$">
Deny from all
</FilesMatch>

11
web.config Normal file
View File

@ -0,0 +1,11 @@
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="silverstripe_version" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>