[security] Update .htaccess

Access to composer files should not be world readable as a malicious user could find information on outdated libraries.
2025-01-17 06:08:21 +01:00 · 2017-02-06 22:26:13 +01:00 · 2017-02-06 22:26:13 +01:00 · 879345414e
commit 879345414e
parent a1208b3a15
1 changed files with 11 additions and 0 deletions
--- a/.htaccess.dist
+++ b/.htaccess.dist
@ -18,3 +18,14 @@ RewriteRule .? - [L]
 RewriteRule .? %{ENV:BASE}/index.php [L]

 </IfModule>
+
+# Config files from vendor should not be readable via browser
+<FilesMatch "composer.json">
+    Order Allow,Deny
+    Deny from All
+</FilesMatch>
+
+<FilesMatch "composer.lock">
+    Order Allow,Deny
+    Deny from All
+</FilesMatch>