Commit f6acf281 authored by anarcat's avatar anarcat

1108810 - protect private and tmp files in SSL vhosts too

parent 395b708a
...@@ -55,6 +55,16 @@ if (sizeof($this->aliases)) { ...@@ -55,6 +55,16 @@ if (sizeof($this->aliases)) {
SetHandler This_is_a_Drupal_security_line_do_not_remove SetHandler This_is_a_Drupal_security_line_do_not_remove
</Directory> </Directory>
# Prevent direct reading of files in the private dir.
# This is for Drupal7 compatibility, which would normally drop
# a .htaccess in those directories, but we explicitly ignore those
<DirectoryMatch "<?php print $this->site_path; ?>/private/(files|temp)/" >
SetHandler This_is_a_Drupal_security_line_do_not_remove
Deny from all
Options None
Options +FollowSymLinks
</DirectoryMatch>
</VirtualHost> </VirtualHost>
<?php endif; ?> <?php endif; ?>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment