From becc5baa344e4307027c1a01ec96f3c2d574b9ab Mon Sep 17 00:00:00 2001 From: Hamish Friedlander Date: Thu, 13 Dec 2012 09:02:56 +1300 Subject: [PATCH] API Block all yaml files by default, to reduce the change of information leakage --- .htaccess | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.htaccess b/.htaccess index 71c5a9f..132464b 100644 --- a/.htaccess +++ b/.htaccess @@ -10,6 +10,13 @@ Deny from all +# This denies access to all yml files, since developers might include sensitive +# information in them. See the docs for work-arounds to serve some yaml files + + Order allow,deny + Deny from all + + ErrorDocument 404 /assets/error-404.html ErrorDocument 500 /assets/error-500.html