silverstripe-installer/web.config
Ingo Schommer 23523175f3 API Filter composer files in IIS and Apache rules (fixes #8011)
They can expose version information, so shouldn't be accessible
through the web. The better solution of course is to move
to a public/ subfolder application structure.
2013-02-15 19:13:41 +01:00

17 lines
448 B
Plaintext

<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="silverstripe-cache/" />
<add segment="vendor" />
<add segment="composer.json" />
<add segment="composer.lock" />
</hiddenSegments>
<fileExtensions allowUnlisted="true" >
<add fileExtension=".ss" allowed="false"/>
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
</configuration>