From 4b5c52e382adfaf78ef4b9c7260bab3bab347a73 Mon Sep 17 00:00:00 2001
From: andi <andi@splitbrain.org>
Date: Wed, 4 May 2005 20:14:47 +0200
Subject: [PATCH] .htaccess changes #302

darcs-hash:20050504181447-9977f-e61b087889c34847c5e37e23b6181ed20363b4ea.gz
---
 .htaccess.dist  |  5 ++++-
 media/.htaccess | 11 ++---------
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/.htaccess.dist b/.htaccess.dist
index 4cd3384df..c77ee05f0 100644
--- a/.htaccess.dist
+++ b/.htaccess.dist
@@ -1,7 +1,10 @@
 ## Enable this to restrict editing to logged in users only
 
+#disable indexes
+Options -Indexes
+
 ## make sure nobody gets the htaccess files
-<Files ~ "^\.ht">
+<Files ~ "^[\._]ht">
     Order allow,deny
     Deny from all
     Satisfy All
diff --git a/media/.htaccess b/media/.htaccess
index ebf9a69e8..9c96d3742 100644
--- a/media/.htaccess
+++ b/media/.htaccess
@@ -1,9 +1,2 @@
-## The following directives should enhance security in the media
-## directory. However they are reported to make some trouble with
-## Apache2 and/or when PHP is used as CGI.
-## They are not really needed anymore as the upload mechanism
-## now is controlled through $conf['uploadtypes'] - but you may want
-## to try if they work for you. Some more security is always nice :-)
-
-# php_value engine off
-# AddType text/plain .php .phtml .php3 .html .htm .shtml
+order allow,deny
+deny from all
-- 
GitLab