Add .htaccess file to config directory
This commit is contained in:
parent
f29f27d82f
commit
40fb922765
1 changed files with 24 additions and 0 deletions
24
config/.htaccess
Normal file
24
config/.htaccess
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
# Deny all requests from Apache 2.4+.
|
||||||
|
<IfModule mod_authz_core.c>
|
||||||
|
Require all denied
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
# Deny all requests from Apache 2.0-2.2.
|
||||||
|
<IfModule !mod_authz_core.c>
|
||||||
|
Deny from all
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
# Turn off all options we don't need.
|
||||||
|
Options -Indexes -ExecCGI -Includes -MultiViews
|
||||||
|
|
||||||
|
# Set the catch-all handler to prevent scripts from being executed.
|
||||||
|
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
|
||||||
|
<Files *>
|
||||||
|
# Override the handler again if we're run later in the evaluation list.
|
||||||
|
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
|
||||||
|
</Files>
|
||||||
|
|
||||||
|
# If we know how to do it safely, disable the PHP engine entirely.
|
||||||
|
<IfModule mod_php.c>
|
||||||
|
php_flag engine off
|
||||||
|
</IfModule>
|
Loading…
Reference in a new issue