mirror of
https://github.com/silverstripe/silverstripe-installer
synced 2024-06-22 20:49:27 +02:00
23523175f3
They can expose version information, so shouldn't be accessible through the web. The better solution of course is to move to a public/ subfolder application structure.
17 lines
448 B
Plaintext
17 lines
448 B
Plaintext
<configuration>
|
|
<system.webServer>
|
|
<security>
|
|
<requestFiltering>
|
|
<hiddenSegments>
|
|
<add segment="silverstripe-cache/" />
|
|
<add segment="vendor" />
|
|
<add segment="composer.json" />
|
|
<add segment="composer.lock" />
|
|
</hiddenSegments>
|
|
<fileExtensions allowUnlisted="true" >
|
|
<add fileExtension=".ss" allowed="false"/>
|
|
</fileExtensions>
|
|
</requestFiltering>
|
|
</security>
|
|
</system.webServer>
|
|
</configuration> |