1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-10-24 13:16:16 +02:00
Files
php-phpbb/phpBB/files/.htaccess
MichaIng eff277a872 [ticket/16556] Remove purposeless <Files "*"> from .htaccess
Wrapping access permissions into <Files "*"> at best has zero effect
and implies unnecessary code and parsing for the web server. At least
it does not block access to files only, but still denies auto indexing
and access to sub directories effectively as well. But removing this
directive is still the cleaner and safer way to deny access to any
kind of resource that is provided within the directory in question.

To deny access to migration data, a single .htaccess file can be used.
This reduces the effort for future changes and it is not required
anymore to create new .htaccess files for every new migration
directory.

Additionally this corrects the fact the "Require" is part of
"mod_authz_core", not "mod_authz_host".

PHPBB3-16556

Signed-off-by: MichaIng <micha@dietpi.com>
2020-09-01 18:19:13 +02:00

26 lines
868 B
ApacheConf

# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
# module mod_authz_host to a new module called mod_access_compat (which may be
# disabled) and a new "Require" syntax has been introduced to mod_authz_core.
# We could just conditionally provide both versions, but unfortunately Apache
# does not explicitly tell us its version if the module mod_version is not
# available. In this case, we check for the availability of module
# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
<IfModule mod_version.c>
<IfVersion < 2.4>
Order Allow,Deny
Deny from All
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from All
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</IfModule>