Commit 23ccccd0 authored by anarcat's avatar anarcat

1108810 - protect private and tmp files in SSL vhosts too

parent 549125a6
......@@ -51,6 +51,16 @@ if (sizeof($this->aliases)) {
SetHandler This_is_a_Drupal_security_line_do_not_remove
</Directory>
# Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those
<DirectoryMatch "<?php print $this->site_path; ?>/private/(files|temp)/" >
SetHandler This_is_a_Drupal_security_line_do_not_remove
Deny from all
Options None
Options +FollowSymLinks
</DirectoryMatch>
</VirtualHost>
<?php endif; ?>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment