Skip to content
Snippets Groups Projects
Commit ff18c8e1 authored by Dries Buytaert's avatar Dries Buytaert
Browse files 

Fixed a security flaw:

.inc files can be read from the web including `config.inc' which contains
the account information (login, password) to the MySQL database.  Apache
has now been setup to deny access to all *.inc files from the web.
parent 00526756
Branches
Tags
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Hide whitespace changes
Inline Side-by-side
Showing
with 11 additions and 3 deletions
.htaccess
+ 11
3
View file @ ff18c8e1
......@@ -3,9 +3,17 @@
#
# Archive feature:
#<Files archive>
# ForceType application/x-httpd-php
#</Files>
<Files archive>
ForceType application/x-httpd-php
</Files>
# Protect .inc files:
# .inc files can be read from the web so make sure we keep it
# away from the casual prying eyes. Especially `config.inc'.
<Files *.inc>
order deny, allow
deny from all
</Files>
# Customized server error messages:
ErrorDocument 400 /error.php
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment