And all other files that should not be exposed from the site root folder
If you give me the ok, I'll add the same for
I guess it's not a bad idea to have those blocked too. So yup :)
Apache warns against (over)use of mod_rewrite: https://httpd.apache.org/docs/2.4/rewrite/avoid.html
You should use RedirectMatch, for example like this:
```apache
## Begin - Security
# Block all direct access for these folders
RedirectMatch 404 (.git|tests|.AbiSuite|nbproject|.idea)
# Block access to specific file types for these system folders
RedirectMatch 404 (vendor)/(.*)\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat|dist|json|exe)
# Block all direct access to .md files:
RedirectMatch 404 \.md
# Block access to specific files in the root folder
RedirectMatch 404 (composer.lock|composer.json|\.htaccess|LICENSE)
## End - Security
```
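An added check, not part of the thread or of Grav: `RedirectMatch` applies its regex as an unanchored search over the URL path, so the script below runs the posted patterns and a tightened set against constructed sample paths to show what each blocks. The `TIGHTENED` patterns, the sample paths, and the assumption that the site is served from the URL root are illustrative; Python's `re.search` stands in for Apache's matching.

```python
import re

# RedirectMatch patterns exactly as posted in the comment above.
POSTED = [
    r"(.git|tests|.AbiSuite|nbproject|.idea)",
    r"(vendor)/(.*)\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat|dist|json|exe)",
    r"\.md",
    r"(composer.lock|composer.json|\.htaccess|LICENSE)",
]

# Hypothetical tightened variants (an assumption, not from the thread):
# literal dots escaped, names bound to a whole path segment or the path end.
TIGHTENED = [
    r"(^|/)(\.git|tests|\.AbiSuite|nbproject|\.idea)(/|$)",
    r"(^|/)vendor/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat|dist|json|exe)$",
    r"\.md$",
    r"^/(composer\.lock|composer\.json|\.htaccess|LICENSE)$",
]

# Constructed sample URL paths: files that must never be served ...
MUST_BLOCK = ["/.git/config", "/tests/unit.php", "/vendor/autoload.php",
              "/README.md", "/composer.json", "/.htaccess",
              "/user/pages/01.home/default.md"]
# ... and ordinary page URLs that must keep working.
MUST_SERVE = ["/blog/latest-tests-results", "/digital/photos",
              "/download/file.mdx", "/docs/LICENSE-notes"]

def blocked(path, patterns):
    """True if any pattern matches anywhere in the URL path (unanchored search)."""
    return any(re.search(p, path) for p in patterns)

def audit(patterns):
    """Return (sensitive paths still served, benign paths wrongly blocked)."""
    leaks = [p for p in MUST_BLOCK if not blocked(p, patterns)]
    overblocked = [p for p in MUST_SERVE if blocked(p, patterns)]
    return leaks, overblocked

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("tightened", TIGHTENED)):
        leaks, over = audit(rules)
        print(f"{name}: leaks={leaks} overblocked={over}")
```

Both rule sets block every sensitive sample path; the posted set also returns 404 for the four ordinary page URLs, because `.git` matches inside `digital`, `tests` and `LICENSE` match inside longer names, and `\.md` matches `.mdx`.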
It's a good suggestion, however it poses another requirement for Grav on mod_alias, which might be an issue, or not.