Apache 2.4

4 posts by 3 authors in: Forums > CMS Builder
Last Post: December 27, 2023   (RSS)

By jenolan - December 23, 2023 - edited: December 23, 2023

The base .htaccess file needs to be amended slightly near line 29  the filesmatch 

  # Security: Deny access to common configuration and data files
  # eg: .htaccess, php.ini, .user.ini, php_errors.log, php_errors.log.php, backup.sql, settings.dat.php, file.defaultSqlData.php, backup.sql, etc
  <IfModule !mod_authz_core.c>
    <FilesMatch "\.(htaccess|ini|log|dat|defaultSqlData|sql)(\.php)?$">
      Order Deny,Allow
      Deny from All
    </FilesMatch>
  </IfModule>
  <IfModule mod_authz_core.c>
    <FilesMatch "\.(htaccess|ini|log|dat|defaultSqlData|sql)(\.php)?$">
      Require all denied
    </FilesMatch>
  </IfModule>
---



Peace and Long Life

My preferred htacces to protect files. Move file match to outer for DRY

# Block access to files that can expose sensitive information.
#
# By default, block access to backup and source files that may be
# left by some text editors and can pose a security risk when anyone
# has access to them.
#
# https://feross.org/cmsploit/
#
# (!) Update the `<FilesMatch>` regular expression from below to
# include any files that might end up on your production server and
# can expose sensitive information about your website. These files may
# include: configuration files, files that contain metadata about the
# project (e.g.: project dependencies), build scripts, etc..

<FilesMatch "(^#.*#|\.(bak|conf|defaultSqlData|dist|dat|fla|htaccess|in[ci]|log|psd|sh|sql|sw[op])|~)(\.php)?$">

    # Apache < 2.3
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy All
    </IfModule>

    # Apache ≥ 2.3
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

</FilesMatch>
Jeff Shields

By Dave - December 27, 2023

Hi Guys, 

Thanks for the Apache fix and code streamlining.  That's great, and we'll include both in the next beta.

Cheers! 

Dave Edis - Senior Developer
interactivetools.com