Add .htaccess files to deny access to config, temp, logs + describe how to protect access to these directories in the INSTALL instructions (#1490378)
thomascube committed May 7, 2015
1 parent e84fafc commit 012555c
Showing 4 changed files with 23 additions and 0 deletions.
17 changes: 17 additions & 0 deletions INSTALL
Expand Up @@ -153,6 +153,23 @@ increase the allowed size of file attachments, for example:
php_value upload_max_filesize 2M


SECURE YOUR INSTALLATION
========================

Access through the webserver to the following directories should be denied:

/config
/temp
/logs

Roundcube uses .htaccess files to protect these directories, so be sure to
allow override of the Limit directives to get them taken into account. The
package also ships a .htaccess file in the root directory which defines some
rewrite rules. In order to properly secure your installation, please enable
mod_rewrite for Apache webserver and double check access to the above listed
directories and their contents is denied.


UPGRADING
=========
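
Review bot: The new SECURE YOUR INSTALLATION paragraph asks the administrator to "double check" that access is denied but does not say how, and it does not cover the case where the .htaccess files are never read. With AllowOverride None, or on a webserver other than Apache, the three files are ignored and /config, /temp and /logs stay reachable with no error. Suggest naming the setting explicitly (AllowOverride Limit), stating that other webservers need an equivalent deny rule in the server configuration, and giving a concrete check such as requesting a known file under /config and expecting a 403 response.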

2 changes: 2 additions & 0 deletions config/.htaccess
@@ -0,0 +1,2 @@
# deny webserver access to this directory
Deny from all
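
Review bot: "Deny from all" on the second line is the Apache 2.2 access-control syntax; on Apache 2.4 it only works when mod_access_compat is loaded, and without that module the directive is a configuration error instead of a deny rule. Suggest covering both versions by putting "Require all denied" inside an IfModule mod_authz_core.c block and keeping the existing line inside an IfModule !mod_authz_core.c block. The same applies to logs/.htaccess and temp/.htaccess.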
2 changes: 2 additions & 0 deletions logs/.htaccess
@@ -0,0 +1,2 @@
# deny webserver access to this directory
Deny from all
2 changes: 2 additions & 0 deletions temp/.htaccess
@@ -0,0 +1,2 @@
# deny webserver access to this directory
Deny from all
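
Review bot: This file, like its copies in config/ and logs/, is the only protection the change adds for the directory, and dotfiles are easy to lose when an installation is copied or repackaged with a pattern that skips hidden files. Suggest that the INSTALL text list the three .htaccess files by path so an administrator can confirm they are present after deployment.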
