Skip to content
Snippets Groups Projects
Commit ff18c8e1 authored by Dries Buytaert's avatar Dries Buytaert
Browse files 

Fixed a security flaw:

.inc files can be read from the web including `config.inc' which contains
the account information (login, password) to the MySQL database.  Apache
has now been setup to deny access to all *.inc files from the web.
parent 00526756
No related branches found
No related tags found
2 merge requests!7452Issue #1797438. HTML5 validation is preventing form submit and not fully...,!789Issue #3210310: Adjust Database API to remove deprecated Drupal 9 code in Drupal 10
Hide whitespace changes
Inline Side-by-side
Showing
with 11 additions and 3 deletions
.htaccess
+ 11
3
View file @ ff18c8e1
...@@ -3,9 +3,17 @@ ...@@ -3,9 +3,17 @@
# #
# Archive feature: # Archive feature:
#<Files archive> <Files archive>
# ForceType application/x-httpd-php ForceType application/x-httpd-php
#</Files> </Files>
# Protect .inc files:
# .inc files can be read from the web so make sure we keep it
# away from the casual prying eyes. Especially `config.inc'.
<Files *.inc>
order deny, allow
deny from all
</Files>
# Customized server error messages: # Customized server error messages:
ErrorDocument 400 /error.php ErrorDocument 400 /error.php
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment