You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@hyperreal.org on 1998/08/30 04:51:43 UTC
cvs commit: apache-1.3/conf srm.conf-dist srm.conf-dist-win
coar 98/08/29 19:51:42
Modified: conf srm.conf-dist srm.conf-dist-win
Log:
Protect .htaccess files by default.
PR: 2795
Revision Changes Path
1.24 +12 -0 apache-1.3/conf/srm.conf-dist
Index: srm.conf-dist
===================================================================
RCS file: /export/home/cvs/apache-1.3/conf/srm.conf-dist,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- srm.conf-dist 1998/07/15 14:50:28 1.23
+++ srm.conf-dist 1998/08/30 02:51:42 1.24
@@ -91,6 +91,18 @@
AccessFileName .htaccess
+# The following lines prevent .htaccess files from being viewed by
+# Web clients. Since .htaccess files often contain authorization
+# information, access is disallowed for security reasons. Comment
+# these lines out if you want Web visitors to see the contents of
+# .htaccess files. If you change the AccessFileName directive above,
+# be sure to make the corresponding changes here.
+
+<FilesMatch "^\.htaccess$">
+ Order allow,deny
+ Deny from all
+</FilesMatch>
+
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
1.15 +12 -0 apache-1.3/conf/srm.conf-dist-win
Index: srm.conf-dist-win
===================================================================
RCS file: /export/home/cvs/apache-1.3/conf/srm.conf-dist-win,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- srm.conf-dist-win 1998/08/23 17:54:03 1.14
+++ srm.conf-dist-win 1998/08/30 02:51:42 1.15
@@ -99,6 +99,18 @@
AccessFileName .htaccess
+# The following lines prevent .htaccess files from being viewed by
+# Web clients. Since .htaccess files often contain authorization
+# information, access is disallowed for security reasons. Comment
+# these lines out if you want Web visitors to see the contents of
+# .htaccess files. If you change the AccessFileName directive above,
+# be sure to make the corresponding changes here.
+
+<FilesMatch "^\.htaccess$">
+ Order allow,deny
+ Deny from all
+</FilesMatch>
+
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
Re: cvs commit: apache-1.3/conf srm.conf-dist srm.conf-dist-win
Posted by Marc Slemko <ma...@worldgate.com>.
On 30 Aug 1998 coar@hyperreal.org wrote:
> coar 98/08/29 19:51:42
>
> Modified: conf srm.conf-dist srm.conf-dist-win
> Log:
> Protect .htaccess files by default.
>
> PR: 2795
>
> Revision Changes Path
> 1.24 +12 -0 apache-1.3/conf/srm.conf-dist
>
> Index: srm.conf-dist
> ===================================================================
> RCS file: /export/home/cvs/apache-1.3/conf/srm.conf-dist,v
> retrieving revision 1.23
> retrieving revision 1.24
> diff -u -r1.23 -r1.24
> --- srm.conf-dist 1998/07/15 14:50:28 1.23
> +++ srm.conf-dist 1998/08/30 02:51:42 1.24
> @@ -91,6 +91,18 @@
>
> AccessFileName .htaccess
>
> +# The following lines prevent .htaccess files from being viewed by
> +# Web clients. Since .htaccess files often contain authorization
> +# information, access is disallowed for security reasons. Comment
> +# these lines out if you want Web visitors to see the contents of
> +# .htaccess files. If you change the AccessFileName directive above,
> +# be sure to make the corresponding changes here.
> +
> +<FilesMatch "^\.htaccess$">
> + Order allow,deny
> + Deny from all
> +</FilesMatch>
> +
"Order" and "Deny" should be lowercase to match up with all the other
places they are.
Why are we using FilesMatch instead of just using Files?
_please_ don't decide to start making a new style for config files by
creating indentation in one place where the other 95% of the file doesn't
have any. Self-consistency is good.
It is bad enough that the HTML is a horrid mish-mash from some people
trying to enforce their view of what HTML should be like in anything they
touch instead of keeping with the existing format.