API Block all yaml files by default, to reduce the change of information leakage

This commit is contained in:
Hamish Friedlander 2012-12-13 09:02:56 +13:00 committed by Ingo Schommer
parent 98135df7d3
commit becc5baa34

View File

@ -10,6 +10,13 @@
Deny from all Deny from all
</Files> </Files>
# This denies access to all yml files, since developers might include sensitive
# information in them. See the docs for work-arounds to serve some yaml files
<Files *.yml>
Order allow,deny
Deny from all
</Files>
ErrorDocument 404 /assets/error-404.html ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html ErrorDocument 500 /assets/error-500.html