Permalink
Browse files

BUGFIX Disallow web access to cms/silverstripe_version to avoid infor…

…mation leakage

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/trunk@114770 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information...
chillu committed Dec 9, 2010
1 parent a11b1dd commit f298fc2a2d004d0dfb7cbb37fffc45ebbf39c4d8
Showing with 14 additions and 0 deletions.
  1. +3 −0 .htaccess
  2. +11 −0 web.config
View
@@ -1,3 +1,6 @@
<FilesMatch "\.(php|php3|php4|php5|phtml|inc)$">
Deny from all
+</FilesMatch>
+<FilesMatch "silverstripe_version$">
+ Deny from all
</FilesMatch>
View
@@ -0,0 +1,11 @@
+<configuration>
+ <system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments>
+ <add segment="silverstripe_version" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
+ </system.webServer>
+</configuration>

0 comments on commit f298fc2

Please sign in to comment.