Ensure composer files aren't accessible using IIS

2024-10-22 14:05:37 +02:00 · 2013-04-03 15:59:14 +13:00 · 2013-04-03 15:59:14 +13:00 · a99c829ed1
commit a99c829ed1
parent df4d7428fa
1 changed files with 7 additions and 0 deletions
--- a/dev/install/install.php5
+++ b/dev/install/install.php5
@ -1325,7 +1325,14 @@ TEXT;
 			<requestFiltering>
 				<hiddenSegments applyToWebDAV="false">
 					<add segment="silverstripe-cache" />
+					<add segment="vendor" />
+					<add segment="composer.json" />
+					<add segment="composer.lock" />
 				</hiddenSegments>
+				<fileExtensions allowUnlisted="true" >
+					<add fileExtension=".ss" allowed="false"/>
+					<add fileExtension=".yml" allowed="false"/>
+				</fileExtensions>
 			</requestFiltering>
 		</security>
 		<rewrite>