From 98135df7d3cfbaad4c1b5b224d71ceb40cf2441f Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Sun, 17 Feb 2013 21:04:58 +0100
Subject: [PATCH] Prevent YAML access in IIS by default (fixes #8233)

Since SS3 keeps values in configuration, direct access
to known paths might expose them
---
 web.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web.config b/web.config
index 1d956b5..56df27f 100644
--- a/web.config
+++ b/web.config
@@ -10,6 +10,7 @@
 				</hiddenSegments>
 				<fileExtensions allowUnlisted="true" >
 					<add fileExtension=".ss" allowed="false"/>
+					<add fileExtension=".yml" allowed="false"/>
 				</fileExtensions>
 			</requestFiltering>
 		</security>