From 23523175f38a4aa5a21a6f98ef44918e2b6774f6 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Fri, 15 Feb 2013 19:13:41 +0100 Subject: [PATCH] API Filter composer files in IIS and Apache rules (fixes #8011) They can expose version information, so shouldn't be accessible through the web. The better solution of course is to move to a public/ subfolder application structure. --- .htaccess | 2 ++ web.config | 14 +++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.htaccess b/.htaccess index 81ef22c..4cda2c7 100644 --- a/.htaccess +++ b/.htaccess @@ -15,6 +15,8 @@ ErrorDocument 500 /assets/error-500.html RedirectMatch 403 /silverstripe-cache(/|$) + RedirectMatch 403 /vendor(/|$) + RedirectMatch 403 /composer\.(json|lock) diff --git a/web.config b/web.config index a04afa1..1d956b5 100644 --- a/web.config +++ b/web.config @@ -1,5 +1,17 @@ - + + + + + + + + + + + + + \ No newline at end of file