Skip to content
Browse files

BUGFIX Disallow web access to sapphire/silverstripe_version to avoid …

…information leakage (from r114773)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114774 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information...
1 parent 397bbe7 commit 872e188268996d9ba73df0cc0d3f2d97fe945621 @chillu chillu committed with sminnee Dec 9, 2010
Showing with 14 additions and 0 deletions.
  1. +3 −0 .htaccess
  2. +11 −0 web.config
View
3 .htaccess
@@ -3,4 +3,7 @@
</FilesMatch>
<FilesMatch "(main|static-main|rpc)\.php$">
Allow from all
+</FilesMatch>
+<FilesMatch "silverstripe_version$">
+ Deny from all
</FilesMatch>
View
11 web.config
@@ -0,0 +1,11 @@
+<configuration>
+ <system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments>
+ <add segment="silverstripe_version" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
+ </system.webServer>
+</configuration>

0 comments on commit 872e188

Please sign in to comment.
Something went wrong with that request. Please try again.