From 979701668da4ee7a4a14af0935af90f7a2df4ff3 Mon Sep 17 00:00:00 2001 From: Joris Debonnet Date: Fri, 4 May 2018 03:57:48 +0200 Subject: [PATCH] Deny access to dot files and folders --- .htaccess | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.htaccess b/.htaccess index 81693c6..c40542d 100644 --- a/.htaccess +++ b/.htaccess @@ -45,9 +45,10 @@ ErrorDocument 500 /assets/error-500.html # Deny access to potentially sensitive files and folders RewriteRule ^vendor(/|$) - [F,L,NC] - RewriteRule silverstripe-cache(/|$) - [F,L,NC] - RewriteRule composer\.(json|lock) - [F,L,NC] - + RewriteRule ^silverstripe-cache(/|$) - [F,L,NC] + RewriteRule ^composer\.(json|lock)$ - [F,L,NC] + RewriteRule ^\. - [F,L,NC] + # Process through SilverStripe if no file with the requested name exists. # Pass through the original path as a query parameter, and retain the existing parameters. RewriteCond %{REQUEST_URI} ^(.*)$