enhanced .htaccess files for supporting both Apache 2.2 and 2.4 (#2982)

src/.htaccess

@@ -2,9 +2,6 @@
 # This file is required for short urls to function.
 # ----------------------------------------------------------------------
 
-# security options if they work in your environment. If you get a 500 error then they wont.
-# These settings are best turned off in php.ini and will be on modern hosting environemnts.
-
 <IfModule mod_rewrite.c>
     # Turn the rewriting engine on
     RewriteEngine On

src/app/.htaccess

@@ -1,5 +1,27 @@
-deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /app directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
 <FilesMatch "(?i)\.(css|js|jpg|jpeg|gif|png|svg)$">
-order allow,deny
-allow from all
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
 </FilesMatch>

src/app/cache/.htaccess

@@ -1,2 +1,14 @@
-Order deny,allow
-deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /app/cache directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>

src/app/logs/.htaccess

@@ -1,2 +1,14 @@
-Order deny,allow
-deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /app/logs directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>

src/config/.htaccess

@@ -1,5 +1,27 @@
-deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /config directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
 <FilesMatch "(?i)\.(css|js|png|gif|jpg|jpeg|bmp)$">
-order allow,deny
-allow from all
-</filesmatch>
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
+</FilesMatch>

src/javascript/.htaccess

@@ -1,5 +1,27 @@
-deny from all
-<FilesMatch "(?i)\.(css|js|jpg|jpeg|gif|png)$">
-order allow,deny
-allow from all
-</filesmatch>
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /javascript directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
+<FilesMatch "(?i)\.(css|gif|jpg|jpeg|js|png)$">
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
+</FilesMatch>

src/lib/.htaccess

@@ -1,2 +1,14 @@
-Order deny,allow
-Deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /lib directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>

src/modules/.htaccess

@@ -1,6 +1,27 @@
-Deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /modules directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
 
 <FilesMatch "(?i)\.(css|css\.map|eot|flv|gif|ico|jpeg|jpg|js|map|mp4|ogv|pdf|png|svg|swf|ttf|webm|woff)$">
-    Order Allow,Deny
-    Allow from all
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
 </FilesMatch>

src/plugins/.htaccess

@@ -1,5 +1,27 @@
-deny from all
-<FilesMatch "(?i)\.(css|js|png|gif|jpg|jpeg|swf)$">
-order allow,deny
-allow from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /plugins directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
+<FilesMatch "(?i)\.(css|js|gif|jpg|jpeg|png|swf)$">
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
 </FilesMatch>

src/plugins/Imagine/templates/default.htaccess

@@ -1,9 +1,27 @@
-# ----------------------------------------------------------------------
-# Purpose of file: block any web access to not allowed files
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
 #                  stored under the imagine thumbnails directory
-# ----------------------------------------------------------------------
-deny from all
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
 <FilesMatch "(?i)\.(png|gif|jpg|jpeg)$">
-order allow,deny
-allow from all
-</filesmatch>
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
+</FilesMatch>

src/style/.htaccess

@@ -1,9 +1,27 @@
-# ----------------------------------------------------------------------
-# Purpose of file: block any web access to files stored under
-#                  the style/ directory
-# ----------------------------------------------------------------------
-deny from all
-<FilesMatch "\.(css)$">
-order allow,deny
-allow from all
-</filesmatch>
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /style directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
+<FilesMatch "(?i)\.(css|gif)$">
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
+</FilesMatch>

src/system/.htaccess

@@ -1,5 +1,27 @@
-deny from all
-<FilesMatch "(?i)\.(css|css\.map|js|jpg|jpeg|gif|png)$">
-order allow,deny
-allow from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /system directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
+<FilesMatch "(?i)\.(css|css\.map|gif|jpg|jpeg|js|png)$">
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
 </FilesMatch>

src/themes/.htaccess

@@ -1,6 +1,27 @@
-Deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /themes directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
 
 <FilesMatch "(?i)\.(css|eot|flv|gif|ico|jpeg|jpg|js|map|mp4|ogv|pdf|png|svg|swf|ttf|webm|woff)$">
-    Order Allow,Deny
-    Allow from all
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
 </FilesMatch>

src/userdata/.htaccess

@@ -1,5 +1,27 @@
-deny from all
+# ------------------------------------------------------------------
+# Purpose of file: block any web access to unallowed files
+#                  stored under the /userdata directory
+# ------------------------------------------------------------------
+
+# Apache 2.2
+<IfModule !mod_authz_core.c>
+    Deny from all
+</IfModule>
+
+# Apache 2.4
+<IfModule mod_authz_core.c>
+    Require all denied
+</IfModule>
+
 <FilesMatch "(?i)\.(css|js|rss|png|gif|jpg|jpeg|psd|svg|txt|rtf|xml|pdf|sdt|odt|doc|docx|pps|ppt|pptx|xls|xlsx|mp3|wav|wma|avi|flv|mov|mp4|rm|vob|wmv|gz|rar|tar.gz|zip)$">
-order allow,deny
-allow from all
-</filesmatch>
+    # Apache 2.2
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Allow from all
+    </IfModule>
+
+    # Apache 2.4
+    <IfModule mod_authz_core.c>
+        Require all granted
+    </IfModule>
+</FilesMatch>