Permalink
Browse files

BUGFIX Disallow web access to cms/silverstripe_version to avoid infor…

…mation leakage (from r114770)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/cms/branches/2.3@114772 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information...
1 parent d3906c9 commit f3d1b0d08cf0de406e13b0d7f26b9be1f6c239ef @chillu chillu committed with sminnee Dec 9, 2010
Showing with 16 additions and 2 deletions.
  1. +5 −2 .htaccess
  2. +11 −0 web.config
View
@@ -1,3 +1,6 @@
-<Files *.php>
+<FilesMatch "\.(php|php3|php4|php5|phtml|inc)$">
Deny from all
-</Files>
+</FilesMatch>
+<FilesMatch "silverstripe_version$">
+ Deny from all
+</FilesMatch>
View
@@ -0,0 +1,11 @@
+<configuration>
+ <system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments>
+ <add segment="silverstripe_version" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
+ </system.webServer>
+</configuration>

0 comments on commit f3d1b0d

Please sign in to comment.