tonyair/silverstripe-installer
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-installer synced 2024-10-22 17:05:33 +02:00
Code Issues Projects Releases Wiki Activity

API Filter composer files in IIS and Apache rules (fixes #8011)

Browse Source 
They can expose version information, so shouldn't be accessible
through the web. The better solution of course is to move
to a public/ subfolder application structure.
This commit is contained in:
Ingo Schommer 2013-02-15 19:13:41 +01:00
parent 52590b9019
commit 23523175f3
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.htaccess
View File

@ -15,6 +15,8 @@ ErrorDocument 500 /assets/error-500.html
<IfModule mod_alias.c> <IfModule mod_alias.c>
RedirectMatch 403 /silverstripe-cache(/|$) RedirectMatch 403 /silverstripe-cache(/|$)
RedirectMatch 403 /vendor(/|$)
RedirectMatch 403 /composer\.(json|lock)
</IfModule> </IfModule>
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>

14
web.config
View File

@ -1,5 +1,17 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration> <configuration>
<system.webServer> <system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="silverstripe-cache/" />
<add segment="vendor" />
<add segment="composer.json" />
<add segment="composer.lock" />
</hiddenSegments>
<fileExtensions allowUnlisted="true" >
<add fileExtension=".ss" allowed="false"/>
</fileExtensions>
</requestFiltering>
</security>
</system.webServer> </system.webServer>
</configuration> </configuration>