A few more security-related entries added.

2025-08-04 21:57:51 +02:00 · 2013-02-05 11:07:57 -08:00
parent bc865d9790
commit 4d60153fe2
1 changed files with 23 additions and 12 deletions
--- a/e107.htaccess
+++ b/e107.htaccess
@@ -7,38 +7,49 @@
 	ErrorDocument 500 /error.php?500
 </FilesMatch>
 ### Performance
 	AddDefaultCharset utf-8
 ### Security
 	ServerSignature Off
 # secure htaccess file
 <Files .htaccess>
-order allow,deny
+	order allow,deny
-deny from all
+	deny from all
 </Files>
 # protect e107_config.php
 <Files e107_config.php>
-order allow,deny
+	order allow,deny
-deny from all
+	deny from all
 </Files>
 # Block Bad Bots
 # SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
 # SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
 # Deny from env=HTTP_SAFE_BADBOT
 ### Block Bad Bots
 	SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
 	SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
 	Deny from env=HTTP_SAFE_BADBOT
-# Disable directory browsing
+### Disable directory listing
-Options All -Indexes
+	Options All -Indexes
-# limit file uploads to 10mb
+### limit file uploads to 10mb
-# LimitRequestBody 10240000
+### LimitRequestBody 10240000
 <IfModule mod_rewrite.c>
 ### enable rewrites
 	Options +FollowSymLinks 
 	RewriteEngine On
 ### Set this to your e107 site root, path relative to web root
 ### Uncomment it in case your server isn't able to rewrite proper 
 	#RewriteBase /
 ### Allow only GET and POST methods
 	RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)
 	RewriteRule .* - [F]
 ### send 404 on missing files in these folders 
 	RewriteCond %{REQUEST_URI} !^/(e107_images|e107_files)/