Apache 2.4
4 posts by 3 authors in: Forums > CMS Builder
Last Post: December 27, 2023 (RSS)
By jenolan - December 23, 2023 - edited: December 23, 2023
The base .htaccess file needs to be amended slightly near line 29 the filesmatch
# Security: Deny access to common configuration and data files
# eg: .htaccess, php.ini, .user.ini, php_errors.log, php_errors.log.php, backup.sql, settings.dat.php, file.defaultSqlData.php, backup.sql, etc
<IfModule !mod_authz_core.c>
<FilesMatch "\.(htaccess|ini|log|dat|defaultSqlData|sql)(\.php)?$">
Order Deny,Allow
Deny from All
</FilesMatch>
</IfModule>
<IfModule mod_authz_core.c>
<FilesMatch "\.(htaccess|ini|log|dat|defaultSqlData|sql)(\.php)?$">
Require all denied
</FilesMatch>
</IfModule>Peace and Long Life
My preferred htacces to protect files. Move file match to outer for DRY
# Block access to files that can expose sensitive information.
#
# By default, block access to backup and source files that may be
# left by some text editors and can pose a security risk when anyone
# has access to them.
#
# https://feross.org/cmsploit/
#
# (!) Update the `<FilesMatch>` regular expression from below to
# include any files that might end up on your production server and
# can expose sensitive information about your website. These files may
# include: configuration files, files that contain metadata about the
# project (e.g.: project dependencies), build scripts, etc..
<FilesMatch "(^#.*#|\.(bak|conf|defaultSqlData|dist|dat|fla|htaccess|in[ci]|log|psd|sh|sql|sw[op])|~)(\.php)?$">
# Apache < 2.3
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy All
</IfModule>
# Apache ≥ 2.3
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>By jenolan - December 26, 2023
Will have a look, I only did the 'fix' so that the htaccess would work ;-)
Peace and Long Life
By Dave - December 27, 2023
Hi Guys,
Thanks for the Apache fix and code streamlining. That's great, and we'll include both in the next beta.
Cheers!
interactivetools.com