Permalink
Browse files

#5870 Block web requests to silverstripe-cache directory via htaccess…

… RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x (from r110241)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/phpinstaller/trunk@112417 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information...
1 parent dfbd3e0 commit 5a20fbed64b10bb79024f7f413e4de9697c68b44 sminnee committed Oct 15, 2010
Showing with 15 additions and 0 deletions.
  1. +4 −0 .htaccess
  2. +11 −0 install.php
View
@@ -13,6 +13,10 @@
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html
+<IfModule mod_alias.c>
+ RedirectMatch 403 /silverstripe-cache(/|$)
+</IfModule>
+
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)$
View
@@ -1122,6 +1122,10 @@ function createHtaccess() {
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html
+<IfModule mod_alias.c>
+ RedirectMatch 403 /silverstripe-cache(/|$)
+</IfModule>
+
<IfModule mod_rewrite.c>
RewriteEngine On
$baseClause
@@ -1156,6 +1160,13 @@ function createWebConfig() {
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments applyToWebDAV="false">
+ <add segment="silverstripe-cache" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
<rewrite>
<rules>
<rule name="SilverStripe Clean URLs" stopProcessing="true">

0 comments on commit 5a20fbe

Please sign in to comment.